Throw Exception When Only 'Bearer' is Specified in Authorization Header #2801

Closed
marevol opened this issue Jan 28, 2024 · 0 comments
marevol commented Jan 28, 2024

We have updated the AccessTokenHelper class to enhance security measures. Previously, our code did not throw an exception when only "Bearer" was specified in the Authorization header without an accompanying token. This update rectifies this oversight. Now, when the Authorization header contains only "Bearer" with no token, our system will throw an InvalidAccessTokenException. This change ensures that invalid or incomplete authorization attempts are properly handled, improving the robustness of our authorization process.

@marevol marevol added this to the 14.12.0 milestone Jan 28, 2024
@marevol marevol self-assigned this Jan 28, 2024
marevol added a commit that referenced this issue Jan 28, 2024
…rer' is specified in Authorization header
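
The behaviour described in the issue, as an added Java sketch that is not the project's `AccessTokenHelper` code: a header whose scheme is `Bearer` but which carries no token is rejected with an exception instead of being treated as "no token supplied". The class, method and exception names are hypothetical, and the extra RFC 6750 `b64token` character check goes beyond what the issue states.

```java
import java.util.regex.Pattern;

public class BearerHeaderExample {

    // Stand-in for the project's InvalidAccessTokenException (hypothetical, defined here).
    static class InvalidTokenException extends RuntimeException {
        InvalidTokenException(String message) {
            super(message);
        }
    }

    // RFC 6750 b64token: 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
    private static final Pattern B64TOKEN = Pattern.compile("[A-Za-z0-9\\-._~+/]+=*");

    /**
     * Returns the bearer token, or null when the header is absent or uses a
     * different scheme. Throws when the scheme is Bearer but the token is
     * missing or malformed, so callers cannot mistake it for an anonymous request.
     */
    static String extractBearerToken(String header) {
        if (header == null) {
            return null; // no Authorization header at all
        }
        // Split into scheme and remainder; trim() first so "Bearer   " yields one part.
        String[] parts = header.trim().split("\\s+", 2);
        if (!"Bearer".equalsIgnoreCase(parts[0])) {
            return null; // another scheme (e.g. Basic) is not this parser's concern
        }
        if (parts.length < 2 || !B64TOKEN.matcher(parts[1]).matches()) {
            throw new InvalidTokenException("Bearer scheme without a usable token");
        }
        return parts[1];
    }

    public static void main(String[] args) {
        // Constructed sample headers covering the edge case from the issue.
        String[] samples = { null, "Basic dXNlcjpwYXNz", "Bearer abc.DEF-123",
                "Bearer", "Bearer   ", "bearer a b" };
        for (String h : samples) {
            try {
                System.out.println("[" + h + "] -> " + extractBearerToken(h));
            } catch (InvalidTokenException e) {
                System.out.println("[" + h + "] -> rejected: " + e.getMessage());
            }
        }
    }
}
```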