Skip to content

Commit 34534ed

Browse files
kentcdoddskentcdodds
committed
fix: update default authorization header to include empty Bearer token and improve validation logic
1 parent de71fb9 commit 34534ed

File tree

3 files changed

+17
-7
lines changed

3 files changed

+17
-7
lines changed

client/src/App.tsx

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -165,7 +165,13 @@ const App = () => {
165165
}
166166

167167
// Default to empty array
168-
return [];
168+
return [
169+
{
170+
name: "Authorization",
171+
value: "Bearer ",
172+
enabled: false,
173+
},
174+
];
169175
});
170176

171177
const [pendingSampleRequests, setPendingSampleRequests] = useState<

client/src/lib/hooks/__tests__/useConnection.test.tsx

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -914,14 +914,14 @@ describe("useConnection", () => {
914914
expect(headers).toHaveProperty("Authorization", "Bearer mock-token");
915915
});
916916

917-
test("replaces empty Bearer token placeholder with OAuth token", async () => {
917+
test("warns of enabled empty Bearer token", async () => {
918918
// This test prevents regression of the bug where default "Bearer " header
919919
// prevented OAuth token injection, causing infinite auth loops
920920
const customHeaders: CustomHeaders = [
921921
{
922922
name: "Authorization",
923923
value: "Bearer ", // Empty Bearer token placeholder
924-
enabled: true,
924+
enabled: true, // enabled
925925
},
926926
];
927927

@@ -937,8 +937,8 @@ describe("useConnection", () => {
937937
});
938938

939939
const headers = mockSSETransport.options?.requestInit?.headers;
940-
// Should replace the empty "Bearer " with actual OAuth token
941-
expect(headers).toHaveProperty("Authorization", "Bearer mock-token");
940+
941+
expect(headers).toHaveProperty("Authorization", "Bearer");
942942
// Should not have the x-custom-auth-headers since Authorization is standard
943943
expect(headers).not.toHaveProperty("x-custom-auth-headers");
944944

client/src/lib/hooks/useConnection.ts

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -402,7 +402,7 @@ export function useConnection({
402402

403403
const isEmptyAuthHeader = (header: CustomHeaders[number]) =>
404404
header.name.trim().toLowerCase() === "authorization" &&
405-
header.value.trim() === "Bearer";
405+
header.value.trim().toLowerCase() === "bearer";
406406

407407
// Check for empty Authorization headers and show validation error
408408
const hasEmptyAuthHeader = finalHeaders.some(
@@ -418,7 +418,11 @@ export function useConnection({
418418
});
419419
}
420420

421-
const needsOAuthToken = finalHeaders.length === 0 || hasEmptyAuthHeader;
421+
const needsOAuthToken = !finalHeaders.some(
422+
(header) =>
423+
header.enabled &&
424+
header.name.trim().toLowerCase() === "authorization",
425+
);
422426

423427
if (needsOAuthToken) {
424428
const oauthToken = (await serverAuthProvider.tokens())?.access_token;

0 commit comments

Comments
 (0)