From d2a55c0db8499abe27682f932d090fad09bcd1f8 Mon Sep 17 00:00:00 2001 From: goosenotduck Date: Mon, 8 Jun 2026 13:47:48 -0400 Subject: [PATCH] Fix header auth + http compliancy --- auth.go | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/auth.go b/auth.go index da230d9..59abe07 100644 --- a/auth.go +++ b/auth.go @@ -7,6 +7,7 @@ import ( "errors" "io" "net/http" + "strings" "time" "github.com/coreos/go-oidc/v3/oidc" @@ -164,12 +165,14 @@ func (auth *Auth) HeaderMiddleware() gin.HandlerFunc { c.AbortWithStatus(http.StatusUnauthorized) return } - if header[0:8] != "Bearer: " { + if !strings.HasPrefix(header, "Bearer ") { c.Header("WWW-Authenticate", "Bad Authentication Header") c.AbortWithStatus(http.StatusUnauthorized) return } - err := auth.setGinContext(c, header) + + jwt := strings.TrimPrefix(header, "Bearer ") + err := auth.setGinContext(c, jwt) if err != nil { log.Error("failed to set context") c.Header("WWW-Authenticate", "Authentication Token Invalid")