shopify_app 8.2.2 → 8.2.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -0
- data/README.md +12 -4
- data/app/controllers/shopify_app/authenticated_controller.rb +1 -0
- data/app/controllers/shopify_app/webhooks_controller.rb +1 -1
- data/lib/generators/shopify_app/install/templates/_flash_messages.html.erb +4 -2
- data/lib/shopify_app/controller_concerns/app_proxy_verification.rb +1 -1
- data/lib/shopify_app/version.rb +1 -1
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: e1662a396a08cd1ba5550280392d00fe2886e0ca
|
|
4
|
+
data.tar.gz: 8b8744e2ae2ece532aa36973cc6057642cba49cd
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 1cd6fd0df8ecddb2dfc28a5cd301dac2606cb729e62261d7363a06c7044568466eb9ee13fa2225f1a599b3c7c7bacdb53cbc7fe5f73597437abcd59b156e0128
|
|
7
|
+
data.tar.gz: 0f1ef949777a3f65b857b69e2bb328db7b449450cd7ac3fc3eb3924106791e6fd91dc40a4f1bd2d25026685f5e33bc0e02449e10cc5c33bf03b7651615a753a0
|
data/CHANGELOG.md
CHANGED
|
@@ -1,3 +1,11 @@
|
|
|
1
|
+
8.2.4
|
|
2
|
+
-----
|
|
3
|
+
* Add CSRF protection through `protect_from_forgery with: :exception` on `ShopifyApp::AuthenticatedController`
|
|
4
|
+
|
|
5
|
+
8.2.3
|
|
6
|
+
-----
|
|
7
|
+
* Send head :forbidden instead of :unauthorized when AppProxyVerification fails
|
|
8
|
+
|
|
1
9
|
8.2.2
|
|
2
10
|
-----
|
|
3
11
|
* Changes how the ESDK concern allows iframes. Fixes an issue with the first request for some people
|
data/README.md
CHANGED
|
@@ -8,6 +8,7 @@ Shopify App
|
|
|
8
8
|
|
|
9
9
|
Shopify Application Rails engine and generator
|
|
10
10
|
|
|
11
|
+
#### NOTE : Versions 8.0.0 through 8.2.3 contained a CSRF vulnerability that was addressed in version 8.2.4. Please update to version 8.2.4 if you're using an old version.
|
|
11
12
|
|
|
12
13
|
Table of Contents
|
|
13
14
|
-----------------
|
|
@@ -275,20 +276,27 @@ ShopifyApp.configure do |config|
|
|
|
275
276
|
end
|
|
276
277
|
```
|
|
277
278
|
|
|
278
|
-
If you'd rather implement your own controller then you'll want to use the WebhookVerfication module to verify your webhooks:
|
|
279
|
+
If you'd rather implement your own controller then you'll want to use the WebhookVerfication module to verify your webhooks, example:
|
|
279
280
|
|
|
280
281
|
```ruby
|
|
281
282
|
class CustomWebhooksController < ApplicationController
|
|
282
283
|
include ShopifyApp::WebhookVerification
|
|
283
284
|
|
|
284
285
|
def carts_update
|
|
285
|
-
|
|
286
|
-
|
|
286
|
+
params.permit!
|
|
287
|
+
SomeJob.perform_later(shop_domain: shop_domain, webhook: webhook_params.to_h)
|
|
288
|
+
head :no_content
|
|
289
|
+
end
|
|
290
|
+
|
|
291
|
+
private
|
|
292
|
+
|
|
293
|
+
def webhook_params
|
|
294
|
+
params.except(:controller, :action, :type)
|
|
287
295
|
end
|
|
288
296
|
end
|
|
289
297
|
```
|
|
290
298
|
|
|
291
|
-
The module skips the `verify_authenticity_token` before_action and adds an action to verify that the webhook came from Shopify.
|
|
299
|
+
The module skips the `verify_authenticity_token` before_action and adds an action to verify that the webhook came from Shopify. You can now add a post route to your application pointing to the controller and action to accept the webhook data from Shopify.
|
|
292
300
|
|
|
293
301
|
The WebhooksManager uses ActiveJob, if ActiveJob is not configured then by default Rails will run the jobs inline. However it is highly recommended to configure a proper background processing queue like sidekiq or resque in production.
|
|
294
302
|
|
|
@@ -5,7 +5,7 @@ module ShopifyApp
|
|
|
5
5
|
class ShopifyApp::MissingWebhookJobError < StandardError; end
|
|
6
6
|
|
|
7
7
|
def receive
|
|
8
|
-
params.
|
|
8
|
+
params.permit!
|
|
9
9
|
job_args = {shop_domain: shop_domain, webhook: webhook_params.to_h}
|
|
10
10
|
webhook_job_klass.perform_later(job_args)
|
|
11
11
|
head :no_content
|
|
@@ -1,8 +1,8 @@
|
|
|
1
1
|
<% content_for :javascript do %>
|
|
2
2
|
<script type="text/javascript">
|
|
3
|
-
var eventName = typeof(Turbolinks) !== 'undefined' ? '
|
|
3
|
+
var eventName = typeof(Turbolinks) !== 'undefined' ? 'turbolinks:load' : 'DOMContentLoaded';
|
|
4
4
|
|
|
5
|
-
document.addEventListener(eventName, function() {
|
|
5
|
+
document.addEventListener(eventName, function flash() {
|
|
6
6
|
<% if flash[:notice] %>
|
|
7
7
|
ShopifyApp.flashNotice("<%= j flash[:notice].html_safe %>");
|
|
8
8
|
<% end %>
|
|
@@ -10,6 +10,8 @@
|
|
|
10
10
|
<% if flash[:error] %>
|
|
11
11
|
ShopifyApp.flashError("<%= j flash[:error].html_safe %>");
|
|
12
12
|
<% end %>
|
|
13
|
+
|
|
14
|
+
document.removeEventListener(eventName, flash)
|
|
13
15
|
});
|
|
14
16
|
</script>
|
|
15
17
|
<% end %>
|
data/lib/shopify_app/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: shopify_app
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 8.2.
|
|
4
|
+
version: 8.2.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Shopify
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2017-
|
|
11
|
+
date: 2017-11-08 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -215,7 +215,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
215
215
|
version: '0'
|
|
216
216
|
requirements: []
|
|
217
217
|
rubyforge_project:
|
|
218
|
-
rubygems_version: 2.5.2
|
|
218
|
+
rubygems_version: 2.5.2.1
|
|
219
219
|
signing_key:
|
|
220
220
|
specification_version: 4
|
|
221
221
|
summary: This gem is used to get quickly started with the Shopify API
|