
Commit f45826e

committed
Disallow invalid character after BEARER prefix
1 parent b65e1d3 commit f45826e


1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

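--- a/jwtauth.go
+++ b/jwtauth.go
@@ -268,7 +268,7 @@ func TokenFromCookie(r *http.Request) string {
 func TokenFromHeader(r *http.Request) string {
 // Get token from authorization header.
 bearer := r.Header.Get("Authorization")
-if len(bearer) > 7 && strings.ToUpper(bearer[0:6]) == "BEARER" {
+if len(bearer) > 7 && strings.EqualFold(bearer[0:7], "Bearer ") {
 return bearer[7:]
 }
 return ""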
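Review bot: The new condition in TokenFromHeader still ties three separate literals (`> 7`, `bearer[0:7]`, `bearer[7:]`) to the length of `"Bearer "` only by convention, which is the kind of drift that let the old `[0:6]` comparison skip the separator. Naming the prefix once would keep them in step: `const prefix = "Bearer "` followed by `if len(bearer) > len(prefix) && strings.EqualFold(bearer[:len(prefix)], prefix) {` and `return bearer[len(prefix):]`. The inline comment could also record why the space is part of the match, for example `// Match the scheme together with its separating space, case-insensitively, so a value with any other character after "Bearer" is rejected.` The page shows only jwtauth.go changed, so a test case asserting that such a header yields an empty token would help guard the fix. The function's closing brace lies outside the hunk.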
