From 8b375ee4c86f2463d725cd70822ee359610c5251 Mon Sep 17 00:00:00 2001
From: L480 <mail@nico-schiering.de>
Date: Sun, 2 Nov 2025 08:28:08 +0100
Subject: [PATCH] Added X-Authorization header

---
 cmd/tesla-http-api/main.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cmd/tesla-http-api/main.go b/cmd/tesla-http-api/main.go
index ae2b902..360fdc6 100644
--- a/cmd/tesla-http-api/main.go
+++ b/cmd/tesla-http-api/main.go
@@ -45,13 +45,19 @@ func router(next http.Handler) http.Handler {
 			}
 		case "api":
 			if apiTokenEnabled {
+				// Accept Authorization header or the legacy/custom X-Authorization
 				token := r.Header.Get("Authorization")
+				if token == "" {
+					token = r.Header.Get("X-Authorization")
+				}
 				if token != apiToken {
 					logger.Info("Request to %s from %s \033[31m(invalid token)\033[0m", r.URL.Path, r.Header.Get("X-Forwarded-For"))
 					http.Error(w, http.StatusText(403), http.StatusForbidden)
 					return
 				}
+				// Remove any provided auth headers so we can inject the Tesla Bearer token cleanly
 				r.Header.Del("Authorization")
+				r.Header.Del("X-Authorization")
 			}
 
 			r.Header.Add("Authorization", "Bearer "+tesla.AccessToken)