I'm using a custom header name, and I've set middleware options accordingly. I'd like the middleware to accept a token sent in a cookie if there's no header present, so I've defined a cookie with a custom name to check too.
I've discovered that the cookie is never checked for a token if a header with a custom name isn't present. This block of code in fetchToken() in src/JwtAuthentication always returns true, even if the header isn't found, when the regexp is also "/(.*)/".
/* Check for token in header. */
$headers = $request->getHeader($this->options["header"]);
$header = isset($headers[0]) ? $headers[0] : "";
if (preg_match($this->options["regexp"], $header, $matches)) {
    $this->log(LogLevel::DEBUG, $message);
    return $matches[1];
}
Would it be more appropriate to check if there's anything in $header before even attempting a preg_match? Such a fix works great for my particular case:
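The behaviour reported in this issue, reduced to a stand-alone PHP example (added here; it is not code from the issue author or from the middleware). The function names, the header name `X-Token`, the cookie name `app_token` and the plain-array request are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed options mirroring the issue: custom header, catch-all regexp,
// custom cookie. "X-Token" and "app_token" are made-up names.
$options = ["header" => "X-Token", "regexp" => "/(.*)/", "cookie" => "app_token"];

/** Logic as described in the issue: the regexp runs even on an empty header. */
function fetchTokenUnguarded(array $headers, array $cookies, array $options): ?string
{
    $header = $headers[$options["header"]][0] ?? "";
    // A catch-all pattern also matches the empty string, so this branch
    // is taken when the header is absent and the cookie is never consulted.
    if (preg_match($options["regexp"], $header, $matches)) {
        return $matches[1];
    }
    return $cookies[$options["cookie"]] ?? null;
}

/** Guarded variant: only apply the regexp when a header value is present. */
function fetchTokenGuarded(array $headers, array $cookies, array $options): ?string
{
    $header = $headers[$options["header"]][0] ?? "";
    if ($header !== "" && preg_match($options["regexp"], $header, $matches)) {
        return $matches[1];
    }
    // Fall back to the cookie; treat an empty cookie as "no token".
    $cookie = $cookies[$options["cookie"]] ?? "";
    return $cookie !== "" ? $cookie : null;
}

// Constructed requests: one with only the cookie, one with the header set.
$cookieOnly = [[], ["app_token" => "constructed.cookie.token"]];
$headerSet  = [["X-Token" => ["constructed.header.token"]], []];

foreach ([$cookieOnly, $headerSet] as [$headers, $cookies]) {
    var_dump(fetchTokenUnguarded($headers, $cookies, $options));
    var_dump(fetchTokenGuarded($headers, $cookies, $options));
}
```

For the cookie-only request the unguarded function hands back an empty string as the "token", which then fails validation downstream, while the guarded one returns the cookie value.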