You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Jan 6, 2023. It is now read-only.
I have no idea if this is the right repo for this issue. I have a static token, I put it in the user in the database as explained in the docs, then when attempting to use it as Authorization: Bearer token, it does not check if the token is case sensitive or not. To reproduce, just use any token you want, and change a capital A for a small a, the check will pass and consider the token is correct.
Don't know if this is the right behavior, but I just wanted to point it out.
Latest version, Ubuntu.
Thanks!
The text was updated successfully, but these errors were encountered:
Not sure if this was designed like this, but it feels like a bug to me. I personally think the token should be case sensitive. What do you think @pzehle ?
@rijkvanzanten I totally agree. I feel this like a bug, because you lower the security of a token to probably half when it is not case sensitive. If this is planned then I would think this is not a good behavior.
I have no idea if this is the right repo for this issue. I have a static token, I put it in the user in the database as explained in the docs, then when attempting to use it as
Authorization: Bearer token
, it does not check if the token is case sensitive or not. To reproduce, just use any token you want, and change a capital A for a small a, the check will pass and consider the token is correct.Don't know if this is the right behavior, but I just wanted to point it out.
Latest version, Ubuntu.
Thanks!
The text was updated successfully, but these errors were encountered: