fix: Accept lowercase Authorization tokens.

2024-10-03 14:55:10 +00:00 · 2021-12-03 11:55:43 +01:00
parent 5a01f09f81
commit 9c52011add
6 changed files with 42 additions and 5 deletions
--- a/src/authentication/BearerWebIdExtractor.ts
+++ b/src/authentication/BearerWebIdExtractor.ts
@@ -19,7 +19,7 @@ export class BearerWebIdExtractor extends CredentialsExtractor {

  public async canHandle({ headers }: HttpRequest): Promise<void> {
    const { authorization } = headers;
-    if (!authorization || !authorization.startsWith('Bearer ')) {
+    if (!authorization || !/^Bearer /ui.test(authorization)) {
      throw new NotImplementedHttpError('No Bearer Authorization header specified.');
    }
  }