Skip to content

Cookie and Bearer Token not checked #2069

Open
Open
Cookie and Bearer Token not checked#2069
@gainsley

Description

@gainsley
gainsley
opened on Mar 23, 2022

MC authentication looks for the JWT in either "Authorization: Bearer" header, or "token" http cookie, but does not do any consistency check if both are specified. MC should invalidate any requests where both are specified and they do not match.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions