firebase-functions

Fix bug where callable function skipped unrecognized auth headers

Open taeold opened this issue 3 years ago • 0 comments

We have a weird edge case where an authorization header in a form we don't recognize will completely skip the auth check.

The fix here applies 2 changes:

  1. We allow the 'Bearer <TOKEN>' format to be case-insensitive. 'bearer <TOKEN>' also works.

  2. We reject other authorization headers, e.g. 'Beaver ' is rejected.

taeold, Jul 27 '22 19:07
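
The fail-open versus fail-closed header handling described above, as an added JavaScript example that is not the firebase-functions source. The "before" shape, the function names, the status strings and the stub verifier are assumptions made for illustration; it also assumes a request with no header at all stays a legitimate unauthenticated call.

```javascript
// Added illustration; not the firebase-functions source. Function names,
// status strings and the stub verifier are hypothetical.

// Stand-in for real ID-token verification; accepts one constructed token.
const verify = (token) => token === "constructed-good-token";

// Fail-open shape (assumed "before"): anything that is not exactly
// "Bearer <TOKEN>" is treated like an absent header, so verify() never runs.
function checkFailOpen(header) {
  if (typeof header === "string" && header.startsWith("Bearer ")) {
    return verify(header.slice("Bearer ".length)) ? "VALID" : "INVALID";
  }
  return "MISSING"; // 'Beaver x' and 'bearer x' both end up here
}

// Fail-closed shape matching the two changes in the description:
// (1) scheme matched case-insensitively, (2) any other present header rejected.
const BEARER = /^Bearer (\S+)$/i;
function checkFailClosed(header) {
  if (header === undefined || header === null) return "MISSING";
  const match = BEARER.exec(String(header));
  if (!match) return "INVALID"; // present but unrecognized: reject, never skip
  return verify(match[1]) ? "VALID" : "INVALID";
}

// Constructed sample headers covering each case in the description.
const samples = [
  undefined,
  "Bearer constructed-good-token",
  "bearer constructed-good-token",
  "Beaver constructed-good-token",
  "Bearer wrong-token",
  "",
];

// Run both checks over every sample so the differences are visible side by side.
function compare() {
  return samples.map((header) => ({
    header,
    failOpen: checkFailOpen(header),
    failClosed: checkFailClosed(header),
  }));
}

console.table(compare());
```

Only the rows where the two columns disagree matter for review: a malformed header must never share an outcome with an absent one.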