From 0b4796201725a38e26c01c1bc66bae51e9e0b2aa Mon Sep 17 00:00:00 2001
From: Weixie Cui
Date: Thu, 21 May 2026 20:00:00 +0800
Subject: [PATCH] node: RFC 7235 mandates case-insensitive auth-schema mathcing
---
 node/jwt_handler.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/node/jwt_handler.go b/node/jwt_handler.go
index 637ae19686..4f85c12367 100644
--- a/node/jwt_handler.go
+++ b/node/jwt_handler.go
@@ -47,7 +47,7 @@ func (handler *jwtHandler) ServeHTTP(out http.ResponseWriter, r *http.Request) {
 strToken string
 claims jwt.RegisteredClaims
 )
- if auth := r.Header.Get("Authorization"); strings.HasPrefix(auth, "Bearer ") {
+ if auth := r.Header.Get("Authorization"); len(auth) >= 7 && strings.EqualFold(auth[:7], "bearer ") {
 strToken = strings.TrimPrefix(auth, "Bearer ")
 }
 if len(strToken) == 0 {
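Review bot: The unchanged line inside the new condition, `strToken = strings.TrimPrefix(auth, "Bearer ")`, is still case-sensitive, so a header such as `bearer <token>` or `BEARER <token>` now passes the `EqualFold` check but keeps its scheme prefix in `strToken`. The token handling after the hunk (not visible here) would then presumably reject the value, which fails closed but means the commit does not deliver the case-insensitive matching its subject promises. Since the length and prefix are already verified, slice instead: `strToken = auth[7:]`. Deriving the 7 from a named prefix constant (for example `len(bearerPrefix)`) would keep the check and the slice in step, and a test with a lowercase scheme would pin the behaviour. ServeHTTP's body continues outside the hunk.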