diff --git a/request/extractor.go b/request/extractor.go
index 03d8e4b7..9ef5f066 100644
--- a/request/extractor.go
+++ b/request/extractor.go
@@ -90,7 +90,7 @@ func (e BearerExtractor) ExtractToken(req *http.Request) (string, error) {
 tokenHeader := req.Header.Get("Authorization")
 // The usual convention is for "Bearer" to be title-cased. However, there's no
 // strict rule around this, and it's best to follow the robustness principle here.
- if len(tokenHeader) < 7 || !strings.HasPrefix(strings.ToLower(tokenHeader[:7]), "bearer ") {
+ if len(tokenHeader) < 7 || !strings.EqualFold(tokenHeader[:7], "bearer ") {
 return "", ErrNoTokenInRequest
 }
 return tokenHeader[7:], nil
diff --git a/request/oauth2.go b/request/oauth2.go
index 5860a53f..9f88c3e9 100644
--- a/request/oauth2.go
+++ b/request/oauth2.go
@@ -7,7 +7,7 @@ import (
 // Strips 'Bearer ' prefix from bearer token string
 func stripBearerPrefixFromTokenString(tok string) (string, error) {
 // Should be a bearer token
- if len(tok) > 6 && strings.ToUpper(tok[0:7]) == "BEARER " {
+ if len(tok) > 6 && strings.EqualFold(tok[:7], "bearer ") {
 return tok[7:], nil
 }
 return tok, nil
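Review bot: In `ExtractToken` a header that is exactly `Bearer ` (seven bytes, no credential after the scheme) still passes the guard, because `len(tokenHeader) < 7` rejects only shorter values, so the function returns an empty token with a nil error instead of `ErrNoTokenInRequest`. Tightening the length test to `if len(tokenHeader) <= 7 || !strings.EqualFold(tokenHeader[:7], "bearer ") {` would report the missing credential at the extraction step rather than leaving it to whatever parses the result. The same boundary exists in the `request/oauth2.go` hunk, where `len(tok) > 6` lets `Bearer ` through and returns `""`. The signature appears only in the hunk header and the closing brace is outside the hunk.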
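Review bot: The comment above `stripBearerPrefixFromTokenString` does not say that the match is case-insensitive or that a string without the prefix is returned unchanged with a nil error, both of which the new condition and the final `return tok, nil` show. I would replace it with `// stripBearerPrefixFromTokenString removes a leading "Bearer " (matched case-insensitively); any other input is returned unchanged.` so callers know that a value carrying a different scheme is not rejected here. The literal 7 and the prefix string are also repeated across both files with different length idioms (`< 7` there, `> 6` here); a shared `const bearerPrefix = "bearer "` used with `len(bearerPrefix)` would keep the two checks in step, assuming both files belong to the same package. The function's closing brace is outside the hunk.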