From 16e5ba5a768b86b5632c7c86726475961d8e4c8c Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Thu, 14 Sep 2017 10:11:48 -0400
Subject: [PATCH] Accept "Content-Language" header for JWT token
---
 src/Api/Utilities/TokenRetrieval.cs | 16 +++++++++++++---
 1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/src/Api/Utilities/TokenRetrieval.cs b/src/Api/Utilities/TokenRetrieval.cs
index 9eab9d3e8e..fa5e78461c 100644
--- a/src/Api/Utilities/TokenRetrieval.cs
+++ b/src/Api/Utilities/TokenRetrieval.cs
@@ -11,14 +11,24 @@ namespace Bit.Api.Utilities
 {
 return (request) =>
 {
- string authorization = request.Headers["Authorization"].FirstOrDefault();
+ var authorization = request.Headers["Authorization"].FirstOrDefault();
 if(string.IsNullOrWhiteSpace(authorization))
 {
- return request.Query[qsName].FirstOrDefault();
+ // Bearer token could exist in the 'Content-Language' header on clients that want to avoid pre-flights.
+ var languageAuth = request.Headers["Content-Language"].FirstOrDefault();
+ if(string.IsNullOrWhiteSpace(languageAuth) ||
+ !languageAuth.StartsWith($"{headerScheme} ", StringComparison.OrdinalIgnoreCase))
+ {
+ return request.Query[qsName].FirstOrDefault();
+ }
+ else
+ {
+ authorization = languageAuth.Split(',')[0];
+ }
 }
- if(authorization.StartsWith(headerScheme + " ", StringComparison.OrdinalIgnoreCase))
+ if(authorization.StartsWith($"{headerScheme} ", StringComparison.OrdinalIgnoreCase))
 {
 return authorization.Substring(headerScheme.Length + 1).Trim();
 }
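Review bot: The `Content-Language` fallback added inside `if(string.IsNullOrWhiteSpace(authorization))` moves a bearer credential into a header that request logging, proxies and telemetry usually treat as harmless, so redaction rules that scrub only `Authorization` would likely record the JWT in clear text. The comment above `languageAuth` should say this, for example `// NOTE: this header then carries a credential; redact it wherever Authorization is redacted.` The stated reason (avoiding pre-flights) also deserves a caveat in that comment: as far as I know the Fetch standard now limits CORS-safelisted header values to 128 bytes and a restricted character set, so a typical JWT in `Content-Language` may trigger a pre-flight anyway. Separately, a value such as `Bearer ,en` passes the `StartsWith` check and the function returns an empty token instead of falling back to `request.Query[qsName]`; whether that matters depends on the caller, which is not visible here. The enclosing lambda begins and ends outside the hunk.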