Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

header field value cannot include CR/LF with Stripe #3660

Open
wsmoak opened this issue Jun 10, 2020 · 6 comments
Open

header field value cannot include CR/LF with Stripe #3660

wsmoak opened this issue Jun 10, 2020 · 6 comments
Labels

Comments

@wsmoak
Copy link
Contributor

wsmoak commented Jun 10, 2020

We recently started seeing "header field value cannot include CR/LF" when attempting to use Stripe.

This is the problematic line:

'Authorization' => 'Basic ' + Base64.encode64(key.to_s + ':').strip,

Apparently Stripe has started issuing secret keys (access tokens) that are much longer, and the plain encode64 method will insert newlines in long strings.

The fix is to switch to the strict_encode64 method, which does not.

This article helped us find the problem:
https://stackoverflow.com/questions/2620975/strange-n-in-base64-encoded-string-in-ruby

@nfriend21
Copy link

We just ran into this problem as well.

@fred-stripe
Copy link

fred-stripe commented Jun 22, 2020

A better solution might would be to use Bearer authentication, which is supported by the Stripe API as well.

This is the problematic line:

'Authorization' => 'Basic ' + Base64.encode64(key.to_s + ':').strip,

Changing this line to the following would repair the error and not require string replacement / newline stripping on the base64 output:

'Authorization' => 'Bearer ' + key.to_s,

@danwetherald
Copy link

We are now seeing this issue popup as well on newer Stripe accounts.

Any plans to push out a PR?

@danwetherald
Copy link

We recently started seeing "header field value cannot include CR/LF" when attempting to use Stripe.

This is the problematic line:

'Authorization' => 'Basic ' + Base64.encode64(key.to_s + ':').strip,

Apparently Stripe has started issuing secret keys (access tokens) that are much longer, and the plain encode64 method will insert newlines in long strings.

The fix is to switch to the strict_encode64 method, which does not.

This article helped us find the problem:
https://stackoverflow.com/questions/2620975/strange-n-in-base64-encoded-string-in-ruby

Looks like this was already committed a few weeks ago:

https://github.com/activemerchant/active_merchant/blob/master/lib/active_merchant/billing/gateways/stripe.rb#L616

@danwetherald
Copy link

After updating my ActiveMerchant gem the new stripe accounts are now working.

Copy link

To provide a cleaner slate for the maintenance of the library, this PR/Issue is being labeled stale after 60 days without activity. It will be closed in 14 days unless you comment with an update regarding its applicability to the current build. Thank you!

@github-actions github-actions bot added the Stale label Nov 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

4 participants