improve handling of empty/invalid Authorization header (!990) · Merge requests · Administrator / sourcegraph

Administrator requested to merge improve-invalid-empty-auth-hdr into master Nov 14, 2018

Created by: sqs

Previously, if the Authorization header was empty, it would follow the "Ignoring unrecognized Authorization header" code path. The log message would not be seen and it would proceed to the next handler. The behavior was correct but unintentionally so. That code path is meant for when the scheme is unrecognized, not when the entire header is empty.

Fixes the code to use the intended code path when the header is empty, and to log the "Ignoring unrecognized Authorization header" messages with severity warning (because it does indicate an issue that is noteworthy).

This PR does not need to update the CHANGELOG because it is not user facing

improve handling of empty/invalid Authorization header

Merge request reports