diff --git a/lib/doorkeeper/doorkeeper_for.rb b/lib/doorkeeper/doorkeeper_for.rb
index dd59b106e..fc49fb499 100644
--- a/lib/doorkeeper/doorkeeper_for.rb
+++ b/lib/doorkeeper/doorkeeper_for.rb
@@ -109,7 +109,7 @@ def get_doorkeeper_token
 def authorization_bearer_token
 header = request.env['HTTP_AUTHORIZATION']
- header.gsub!(/^Bearer /, '') unless header.nil?
+ header.gsub(/^Bearer /, '') if header && header.match(/^Bearer /)
 end
 def doorkeeper_unauthorized_render_options
diff --git a/spec/controllers/protected_resources_controller_spec.rb b/spec/controllers/protected_resources_controller_spec.rb
index bd4f5b9fb..ef1f22aee 100644
--- a/spec/controllers/protected_resources_controller_spec.rb
+++ b/spec/controllers/protected_resources_controller_spec.rb
@@ -99,6 +99,13 @@ def index
 request.env["HTTP_AUTHORIZATION"] = "Basic #{Base64.encode64("foo:bar")}"
 get :index
 end
+
+ it "doesn't change Authorization header value" do
+ Doorkeeper::AccessToken.should_receive(:find_by_token).exactly(2).times
+ request.env["HTTP_AUTHORIZATION"] = "Bearer #{token_string}"
+ get :index
+ get :index
+ end
 end
 context "defined for all actions" do
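Review bot: In `authorization_bearer_token` (lib/doorkeeper/doorkeeper_for.rb) both regexes anchor with `^`, which in Ruby matches at the start of any line rather than the start of the string, so the scheme check is looser than it reads. Anchor on the whole string and substitute once: `header.sub(/\ABearer /, '') if header && header.match(/\ABearer /)`. Whether a multi-line header value can reach this method depends on the server and Rack layer, which the hunk does not show, but credential parsing should not lean on that. A comment such as `# Returns the bare token without mutating request.env; nil unless the scheme is Bearer` would also record why the non-bang call matters.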
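Review bot: The new example in spec/controllers/protected_resources_controller_spec.rb verifies the header only indirectly, by counting `find_by_token` calls, so it does not assert what the example title promises. Add a direct check after the second request, `request.env["HTTP_AUTHORIZATION"].should == "Bearer #{token_string}"`. If the lookup is called with the bare token (the call site is outside this diff), also constrain the argument: `should_receive(:find_by_token).with(token_string).exactly(2).times`. The example already depends on the same request object being reused across both `get :index` calls, and the enclosing context block starts outside the hunk.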