Do not authorize empty Authorization headers

ConvoyPanel · Aug 14, 2022 · 80c7f1b · 80c7f1b
1 parent 5e21cdd
commit 80c7f1b
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/app/Http/Middleware/AuthorizeProprietaryToken.php b/app/Http/Middleware/AuthorizeProprietaryToken.php
@@ -20,7 +20,8 @@ public function handle(Request $request, Closure $next)
     {
         $secret = $request->header('Authorization');
 
-        if ($secret !== config('external.secret'))
+
+        if ($secret !== config('external.secret') || strlen(config('external.secret')) === 0 || empty(config('external.secret')))
         {
             return new Response([
                 'message' => 'Unauthorized'