From 19a3491bb7045b82221b9d5c64f63dbf1c6631b4 Mon Sep 17 00:00:00 2001
From: Tim Otten
Date: Fri, 25 Feb 2022 16:21:29 -0800
Subject: [PATCH] authx - If `Authorization:` header is disabled, then ignore it.
---
 ext/authx/authx.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/authx/authx.php b/ext/authx/authx.php
index 220be9577a..ff3958a870 100644
--- a/ext/authx/authx.php
+++ b/ext/authx/authx.php
@@ -13,7 +13,7 @@ Civi::dispatcher()->addListener('civi.invoke.auth', function($e) {
 return (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'xheader', 'cred' => $_SERVER['HTTP_X_CIVI_AUTH'], 'siteKey' => $siteKey]);
 }
- if (!empty($_SERVER['HTTP_AUTHORIZATION'])) {
+ if (!empty($_SERVER['HTTP_AUTHORIZATION']) && !empty(Civi::settings()->get('authx_header_cred'))) {
 return (new \Civi\Authx\Authenticator())->auth($e, ['flow' => 'header', 'cred' => $_SERVER['HTTP_AUTHORIZATION'], 'siteKey' => $siteKey]);
 }
-- 
2.25.1
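Review bot: The new `authx_header_cred` guard makes a disabled `header` flow fall through silently, while the `X-Civi-Auth` branch directly above still hands its credential to `Authenticator::auth()` unconditionally, and nothing in the hunk says why the two differ. If the asymmetry is intended (presumably because `Authorization:` can be set by layers other than authx), record it with a comment above the condition, e.g. `// 'header' flow disabled: the Authorization header may belong to something else, so ignore it rather than reject.` The patch touches only `ext/authx/authx.php`, so a test asserting that a request carrying a credential in `Authorization:` stays unauthenticated when the setting is empty would pin the behaviour. The listener closure begins and ends outside the hunk, so what the fall-through reaches is not visible here.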