Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Don't override authorization header if it already exists #33

Merged
merged 4 commits into from
Aug 27, 2018

Conversation

rarkins
Copy link
Contributor

@rarkins rarkins commented Aug 27, 2018

Only use options.token to set options.headers.authorization if that header is current unset.

This covers the case where:

  1. User has a GITHUB_TOKEN defined in env
  2. User/app has explicitly set an authorization header and is definitely not expecting it to get ignored/overwritten

This is particularly important also for GitHub "Apps" which need to authentication themselves via Bearer not token, so it's impossible to pass that in options.token either.

Only use `options.token` to set `options.headers.authorization` if that header is current unset. 

This covers the case where:

1. User has a `GITHUB_TOKEN` defined in env
2. User/app has explicitly set an authorization header and is definitely not expecting it to get ignored/overwritten
@sindresorhus
Copy link
Owner

Can you document this behavior in the readme?

@sindresorhus sindresorhus changed the title fix: don't override authorization if already existing Don't override authorization header if it already exists Aug 27, 2018
@rarkins
Copy link
Contributor Author

rarkins commented Aug 27, 2018

@sindresorhus done

@sindresorhus sindresorhus merged commit c5491da into sindresorhus:master Aug 27, 2018
@rarkins rarkins deleted the patch-1 branch August 27, 2018 06:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants