mirror of
https://github.com/elyby/oauth2-server.git
synced 2024-12-22 21:19:46 +05:30
Fix #328, strict check Bearer token
This commit is contained in:
parent
c174b6fc65
commit
7934c7bb53
@ -38,9 +38,16 @@ class Bearer extends AbstractTokenType implements TokenTypeInterface
|
||||
*/
|
||||
public function determineAccessTokenInHeader(Request $request)
|
||||
{
|
||||
$header = $request->headers->get('Authorization');
|
||||
$accessToken = trim(preg_replace('/^(?:\s+)?Bearer\s/', '', $header));
|
||||
if ($request->headers->has('Authorization') === false) {
|
||||
return;
|
||||
}
|
||||
|
||||
return ($accessToken === 'Bearer') ? '' : $accessToken;
|
||||
$header = $request->headers->get('Authorization');
|
||||
|
||||
if (substr($header, 0, 7) !== 'Bearer ') {
|
||||
return;
|
||||
}
|
||||
|
||||
return trim(substr($header, 7));
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user