Merge pull request #2465 from phw/PICARD-2895

zas · web-flow · commit 169ed965ee82 · 2024-05-12T15:01:36.000+02:00
PICARD-2895: Web service requests must set Authorization header only when required
diff --git a/picard/webservice/__init__.py b/picard/webservice/__init__.py
@@ -5,7 +5,7 @@
 # Copyright (C) 2007 Lukáš Lalinský
 # Copyright (C) 2009 Carlin Mangar
 # Copyright (C) 2017 Sambhav Kothari
-# Copyright (C) 2018-2022 Philipp Wolfer
+# Copyright (C) 2018-2022, 2024 Philipp Wolfer
 # Copyright (C) 2018-2023 Laurent Monin
 # Copyright (C) 2021 Tche333
 #
@@ -220,8 +220,9 @@ def has_auth(self):
         return self.mblogin and self.access_token
 
     def _update_authorization_header(self):
-        auth = 'Bearer ' + self.access_token if self.has_auth else ''
-        self.setRawHeader(b'Authorization', auth.encode('utf-8'))
+        if self.has_auth:
+            auth = 'Bearer ' + self.access_token
+            self.setRawHeader(b'Authorization', auth.encode('utf-8'))
 
     @property
     def host(self):
