(datasource/custom): Always uses token abc
instead of Bearer abc
to the Authorization header
#24671
Replies: 2 comments 5 replies
-
That's a nasty bug. The _ |
Beta Was this translation helpful? Give feedback.
-
This bug also impact calls into the Azure Graph API. We were trying to retrieve a version list from https://management.azure.com/subscriptions/[sub-id]/resourceGroups/[rg]/providers/Microsoft.Compute/galleries/[gallery-name]images/{{{depName}}}/versions?api-version=2022-08-03. This expects the authorization header with Bearer. Reverting back to a version before fadf1f2 fixed it for us. Of course we'd like to run on the latest version of renovate, so very keen to see a fix for this. |
Beta Was this translation helpful? Give feedback.
-
How are you running Renovate?
Self-hosted Renovate
If you're self-hosting Renovate, tell us what version of Renovate you run.
36.107.2/93ab46e37e26e1e0d48e9d9f2a19041372ca7093
If you're self-hosting Renovate, select which platform you are using.
GitHub Enterprise Server
Was this something which used to work for you, and then stopped?
It used to work, and then stopped
Describe the problem
I've been using custom data sources with a JSON-API for a couple of weeks. However, I've noticed an issue following commit fadf1f2 (related to discussion #24377). Since this update, all requests to my custom data source now use the
token
prefix in theauthorization
-header when being executed.The root issue appears to be that
GITEA_API_USING_HOST_TYPES
now includes thecustom
type. This leads to Renovate using thetoken
prefix, assuming that it's interfacing with a GITEA compatible host.Here is the relevant code snippet:
renovate/lib/util/http/auth.ts
Lines 31 to 36 in 69f7240
Removing
custom
from GITEA isn't a viable solution as it would then proceed into the GITHUB if-branch, which also results in unexpected formatting of theauthorization
-header.My Renovate configuration is as follows:
I propose adding the following tests to check for the expected behavior in
lib/util/http/auth.spec.ts
:Currently, the
authorization
header always containstoken
as shown in the image below, which works great for GitHub, GITEA and GitLab, but breaks for any other generic API.Relevant debug logs
Logs
No logs provided; the logs didn't provide any meaningful insights into this.
Have you created a minimal reproduction repository?
I have explained in the description why a minimal reproduction is impossible
Beta Was this translation helpful? Give feedback.
All reactions