From 9d7e59df36ddc18a3dbcfae6f7acc3f8683042d9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maximilian=20Pa=C3=9F?= <22845248+mpass99@users.noreply.github.com>
Date: Mon, 4 Oct 2021 12:23:41 +0200
Subject: [PATCH] Change authorization header key (#6)
* Change authorization header key as the use of headers starting with X- has been deprecated in RFC6648.
* Update configuration.example.yaml
Co-authored-by: Sebastian Serth
---
 configuration.example.yaml | 2 +-
 docs/security.md | 4 ++--
 internal/api/auth/auth.go | 2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/configuration.example.yaml b/configuration.example.yaml
index 951d151..38de444 100644
--- a/configuration.example.yaml
+++ b/configuration.example.yaml
@@ -4,7 +4,7 @@ server:
 address: 127.0.0.1
 # Port on which the webserver listens
 port: 7200
- # If set, this token is required in the X-Poseidon-Token header for each route except /health
+ # If set, this token is required in the `Poseidon-Token` header for each route except /health
 token: SECRET
 # Configuration of TLS between the web client and Poseidon.
 tls:
diff --git a/docs/security.md b/docs/security.md
index 3f66428..d66a871 100644
--- a/docs/security.md
+++ b/docs/security.md
@@ -10,12 +10,12 @@ The API supports authentication via an HTTP header. To enable it, specify the `server.token` value in the `configuration.yaml` or the corresponding environment variable `POSEIDON_SERVER_TOKEN`.
-Once configured, all requests to the API, except the `health` route require the configured token in the `X-Poseidon-Token` header.
+Once configured, all requests to the API, except the `health` route require the configured token in the `Poseidon-Token` header.
 An example `curl` command with the configured token being `SECRET` looks as follows:
 ```bash
-$ curl -H "X-Poseidon-Token: SECRET" http://localhost:7200/api/v1/some-protected-route
+$ curl -H "Poseidon-Token: SECRET" http://localhost:7200/api/v1/some-protected-route
 ```
 ### Nomad
diff --git a/internal/api/auth/auth.go b/internal/api/auth/auth.go
index 8c3da70..cf7d357 100644
--- a/internal/api/auth/auth.go
+++ b/internal/api/auth/auth.go
@@ -9,7 +9,7 @@ import (
 var log = logging.GetLogger("api/auth")
-const TokenHeader = "X-Poseidon-Token"
+const TokenHeader = "Poseidon-Token"
 var correctAuthenticationToken []byte
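Review bot: `TokenHeader` switches to `Poseidon-Token` with no fallback, so any client still sending `X-Poseidon-Token` is presumably rejected as unauthenticated once this deploys; this assumes the middleware, which is outside this hunk, reads only this constant. If a hard cut-over is intended, state it in the release notes; otherwise keep the old name as a second, deprecated constant that is still accepted for a transition period. Because this header carries the shared secret, any redaction or filtering rules in reverse proxies and access logs that are keyed on the old header name need updating too, or the token may start appearing in logs. The exported constant also has no doc comment; I would add `// TokenHeader is the HTTP request header that carries the API token (renamed from X-Poseidon-Token, see RFC 6648).`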