From 4917bc1aa1cfcadffb22a9f22a6786dc8cf46061 Mon Sep 17 00:00:00 2001 From: Daniel Nitsikopoulos Date: Sun, 25 Feb 2024 09:10:03 +1100 Subject: [PATCH] Tighten up auth regex --- slices/micropub/action.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slices/micropub/action.rb b/slices/micropub/action.rb index 9151a88..cc51ee3 100644 --- a/slices/micropub/action.rb +++ b/slices/micropub/action.rb @@ -26,7 +26,7 @@ module Micropub # Pull out and verify the authorization header or access_token if req.env["HTTP_AUTHORIZATION"] - header = req.env["HTTP_AUTHORIZATION"].match(/Bearer (.*)$/) + header = req.env["HTTP_AUTHORIZATION"].match(/^Bearer (.*)$/) access_token = header[1] unless header.nil? elsif req.params["access_token"] access_token = req.params["access_token"]