Hello,
I am running an application that makes use of application proxies. It is working great however I have recently discovered that if a param with a special character is passed to the proxy then it will cause the signature calculation and comparison to fail.
I am using the following method to compare the signatures
query_parameters = Rack::Utils.parse_query(request.query_string)
# Remove and save the "signature" entry
signature = query_parameters.delete("signature")
sorted_params = query_parameters.collect{ |k, v| "#{k}=#{Array(v).join(',')}" }.sort.join
calculated_signature = OpenSSL::HMAC.hexdigest(OpenSSL::Digest::Digest.new('sha256'), SHOPIFY_SECRET, sorted_params)
raise 'Invalid signature' if signature != calculated_signature
This works fine if the user visits the site at say /apps/proxys/test or /apps/proxys/test?extra_param=english
however if the user has some additional query parameters with special characters I cannot figure out how to correctly calculate the signature /apps/proxys/test?extra_param=España.
Does anyone have any idea of how to correctly calculate a request signature for a request with special characters in the params?
Thank you very much