Case sensitive Authorization header with lower-cased scheme in… (#6724)

2019-11-01 14:56:41 +01:00 · 2019-11-01 14:56:41 +01:00 · 3ad20d8d5b
parent bc04ae816c
commit 3ad20d8d5b
1 changed files with 1 additions and 1 deletions
--- a/agent/http.go
+++ b/agent/http.go
@ -892,7 +892,7 @@ func (s *HTTPServer) parseTokenInternal(req *http.Request, token *string) {
 			value := strings.TrimSpace(strings.Join(parts[1:], " "))

 			// <Scheme> must be "Bearer"
-			if scheme == "Bearer" {
+			if strings.ToLower(scheme) == "bearer" {
 				// Since Bearer tokens shouldnt contain spaces (rfc6750#section-2.1)
 				// "value" is tokenized, only the first item is used
 				tok = strings.TrimSpace(strings.Split(value, " ")[0])