Tighten up auth regex

2024-02-25 09:10:03 +11:00
parent b6ccc90b07
commit 4917bc1aa1
1 changed files with 1 additions and 1 deletions
--- a/slices/micropub/action.rb
+++ b/slices/micropub/action.rb
@@ -26,7 +26,7 @@ module Micropub
      # Pull out and verify the authorization header or access_token

      if req.env["HTTP_AUTHORIZATION"]
-        header = req.env["HTTP_AUTHORIZATION"].match(/Bearer (.*)$/)
+        header = req.env["HTTP_AUTHORIZATION"].match(/^Bearer (.*)$/)
        access_token = header[1] unless header.nil?
      elsif req.params["access_token"]
        access_token = req.params["access_token"]