From 4f97bb9e0bde086fafb683771fa4d66b3fb0cd42 Mon Sep 17 00:00:00 2001
From: Pascal Vizeli <pvizeli@syshack.ch>
Date: Thu, 6 Feb 2020 08:30:27 +0100
Subject: [PATCH] Fix overwrite authorization / ingress (#1479)

---
 hassio/api/utils.py | 19 +++++++++++--------
 1 file changed, 11 insertions(+), 8 deletions(-)

diff --git a/hassio/api/utils.py b/hassio/api/utils.py
index 5a978b5e9..8432d47ee 100644
--- a/hassio/api/utils.py
+++ b/hassio/api/utils.py
@@ -25,18 +25,21 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 def excract_supervisor_token(request: web.Request) -> Optional[str]:
     """Extract Supervisor token from request."""
+    supervisor_token = request.headers.get(HEADER_TOKEN)
+    if supervisor_token:
+        return supervisor_token
+
+    # Remove with old Hass.io fallback
+    supervisor_token = request.headers.get(HEADER_TOKEN_OLD)
+    if supervisor_token:
+        return supervisor_token
+
+    # API access only
     supervisor_token = request.headers.get(AUTHORIZATION)
     if supervisor_token:
         return supervisor_token.split(" ")[-1]
 
-    # Header token handling
-    supervisor_token = request.headers.get(HEADER_TOKEN)
-
-    # Remove with old Hass.io fallback
-    if not supervisor_token:
-        supervisor_token = request.headers.get(HEADER_TOKEN_OLD)
-
-    return supervisor_token
+    return None
 
 
 def json_loads(data: Any) -> Dict[str, Any]: