Refactor basic auth middleware to support multiple auth headers

labstack · Oct 30, 2024 · 4ab78e4 · 4ab78e4
1 parent 0e4fdd6
commit 4ab78e4
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/middleware/basic_auth.go b/middleware/basic_auth.go
@@ -99,6 +99,7 @@ func (config BasicAuthConfig) ToMiddleware() (echo.MiddlewareFunc, error) {
 			// multiple auth headers is something that can happen in environments like
 			// corporate test environments that are secured by application proxy servers where
 			// front facing proxy is also configured to require own basic auth value and does auth checks.
+			// In that case middleware can receive multiple auth headers.
 			for _, auth := range c.Request().Header[echo.HeaderAuthorization] {
 				if !(len(auth) > l+1 && strings.EqualFold(auth[:l], basic)) {
 					continue