Merge pull request #1386 from nextcloud/enh/1366/only-check-bearer

Do not try to validate all Authorization header values

Author: julien-nc

lib/User/Backend.php

@@ -235,6 +235,10 @@ public function getCurrentUserId(): string {
 
 		// get the bearer token from headers
 		$headerToken = $this->request->getHeader(Application::OIDC_API_REQ_HEADER);
+		if (!str_starts_with($headerToken, 'bearer ') && !str_starts_with($headerToken, 'Bearer ')) {
+			$this->logger->debug('No Bearer token');
+			return '';
+		}
 		$headerToken = preg_replace('/^bearer\s+/i', '', $headerToken);
 		if ($headerToken === '') {
 			$this->logger->debug('No Bearer token');