search

activemerchant / active_merchant

Active Merchant is a simple payment abstraction library extracted from Shopify. The aim of the project is to feel natural to Ruby users and to abstract as many parts as possible away from the user to offer a consistent interface across all supported gateways.
http://activemerchant.org
MIT License
4.54k stars 2.5k forks source link

header field value cannot include CR/LF with Stripe #3660

Open wsmoak opened 4 years ago

wsmoak commented 4 years ago

We recently started seeing "header field value cannot include CR/LF" when attempting to use Stripe.

This is the problematic line: https://github.com/activemerchant/active_merchant/blob/8b5d2ac8abc859246c8ce3fc0b9c3d2fe5d46bb4/lib/active_merchant/billing/gateways/stripe.rb#L616

Apparently Stripe has started issuing secret keys (access tokens) that are much longer, and the plain encode64 method will insert newlines in long strings.

The fix is to switch to the strict_encode64 method, which does not.

This article helped us find the problem: https://stackoverflow.com/questions/2620975/strange-n-in-base64-encoded-string-in-ruby

nfriend21 commented 4 years ago

We just ran into this problem as well.

fred-stripe commented 4 years ago

A better solution might would be to use Bearer authentication, which is supported by the Stripe API as well.

This is the problematic line: https://github.com/activemerchant/active_merchant/blob/8b5d2ac8abc859246c8ce3fc0b9c3d2fe5d46bb4/lib/active_merchant/billing/gateways/stripe.rb#L616

Changing this line to the following would repair the error and not require string replacement / newline stripping on the base64 output:

'Authorization' => 'Bearer ' + key.to_s,
danwetherald commented 4 years ago

We are now seeing this issue popup as well on newer Stripe accounts.

Any plans to push out a PR?

danwetherald commented 4 years ago

We recently started seeing "header field value cannot include CR/LF" when attempting to use Stripe.

This is the problematic line: https://github.com/activemerchant/active_merchant/blob/8b5d2ac8abc859246c8ce3fc0b9c3d2fe5d46bb4/lib/active_merchant/billing/gateways/stripe.rb#L616

Apparently Stripe has started issuing secret keys (access tokens) that are much longer, and the plain encode64 method will insert newlines in long strings.

The fix is to switch to the strict_encode64 method, which does not.

This article helped us find the problem: https://stackoverflow.com/questions/2620975/strange-n-in-base64-encoded-string-in-ruby

Looks like this was already committed a few weeks ago:

https://github.com/activemerchant/active_merchant/blob/master/lib/active_merchant/billing/gateways/stripe.rb#L616

danwetherald commented 4 years ago

After updating my ActiveMerchant gem the new stripe accounts are now working.