Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

header field value cannot include CR/LF with Stripe #3660

Open
wsmoak opened this issue Jun 10, 2020 · 5 comments
Open

header field value cannot include CR/LF with Stripe #3660

wsmoak opened this issue Jun 10, 2020 · 5 comments

Comments

@wsmoak
Copy link
Contributor

wsmoak commented Jun 10, 2020

We recently started seeing "header field value cannot include CR/LF" when attempting to use Stripe.

This is the problematic line:

active_merchant/lib/active_merchant/billing/gateways/stripe.rb

Line 616 in 8b5d2ac

'Authorization' => 'Basic ' + Base64.encode64(key.to_s + ':').strip,

Apparently Stripe has started issuing secret keys (access tokens) that are much longer, and the plain encode64 method will insert newlines in long strings.

The fix is to switch to the strict_encode64 method, which does not.

This article helped us find the problem:
https://stackoverflow.com/questions/2620975/strange-n-in-base64-encoded-string-in-ruby
@nfriend21
Copy link

We just ran into this problem as well.

@fred-stripe
Copy link

fred-stripe commented Jun 22, 2020
edited
Loading

A better solution might would be to use Bearer authentication, which is supported by the Stripe API as well.

This is the problematic line:

active_merchant/lib/active_merchant/billing/gateways/stripe.rb

Line 616 in 8b5d2ac

'Authorization' => 'Basic ' + Base64.encode64(key.to_s + ':').strip,

Changing this line to the following would repair the error and not require string replacement / newline stripping on the base64 output:

'Authorization' => 'Bearer ' + key.to_s,

@danwetherald
Copy link

We are now seeing this issue popup as well on newer Stripe accounts.

Any plans to push out a PR?

@danwetherald
Copy link

We recently started seeing "header field value cannot include CR/LF" when attempting to use Stripe.

This is the problematic line:

active_merchant/lib/active_merchant/billing/gateways/stripe.rb

Line 616 in 8b5d2ac

'Authorization' => 'Basic ' + Base64.encode64(key.to_s + ':').strip,

Apparently Stripe has started issuing secret keys (access tokens) that are much longer, and the plain encode64 method will insert newlines in long strings.

The fix is to switch to the strict_encode64 method, which does not.

This article helped us find the problem:
https://stackoverflow.com/questions/2620975/strange-n-in-base64-encoded-string-in-ruby

Looks like this was already committed a few weeks ago:

https://github.com/activemerchant/active_merchant/blob/master/lib/active_merchant/billing/gateways/stripe.rb#L616

@danwetherald
Copy link

After updating my ActiveMerchant gem the new stripe accounts are now working.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@wsmoak @danwetherald @nfriend21 @fred-stripe