If `authorization` is not of type Bearer to ignore it and check the cookie #318

cberescu · 2023-12-06T21:18:47Z

Prerequisites

I have written a descriptive issue title
I have searched existing issues to ensure the feature has not already been requested

🚀 Feature Proposal

I think it would help for the authorization header to be skipped if it is not Bearer type. No reason to throw an error if it is not the expected format.
Easies way to do it is to change this line
if ((request.headers && request.headers.authorization) && (!onlyCookie))
into
if ((request.headers && request.headers.authorization) && (!onlyCookie) && (/^Bearer/i.test(request.headers.authorization)))

Motivation

A good example is if you are using also the Basic auth on the same domain.

Example

No response

The text was updated successfully, but these errors were encountered:

mcollina · 2023-12-26T13:34:44Z

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.

mcollina added the good first issue Good for newcomers label Dec 26, 2023

cberescu mentioned this issue Jan 5, 2024

Ignore authorization headers if not Bearer #325

Merged

4 tasks

mcollina closed this as completed in #325 Jan 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

If `authorization` is not of type Bearer to ignore it and check the cookie #318

If `authorization` is not of type Bearer to ignore it and check the cookie #318

cberescu commented Dec 6, 2023

mcollina commented Dec 26, 2023

If authorization is not of type Bearer to ignore it and check the cookie #318

If authorization is not of type Bearer to ignore it and check the cookie #318

Comments

cberescu commented Dec 6, 2023

Prerequisites

🚀 Feature Proposal

Motivation

Example

mcollina commented Dec 26, 2023

If `authorization` is not of type Bearer to ignore it and check the cookie #318

If `authorization` is not of type Bearer to ignore it and check the cookie #318