Hi,
So, I have a request to the Microsoft Graph API which is used to create a folder on OneDrive. Typically, all my requests have the header:
"Authorization": "Bearer <token>"
indicating that I am requesting access using a Bearer token.
However, one request seems to have slipped through the network.
This request has the following structure:
{
Method: POST,
RequestUri: 'https://graph.microsoft.com/beta/<tenantid>/groups/<groupid>/drive/items/<folderid>/children/',
Version: 1.1,
Content: System.Net.Http.StringContent,
Headers: {
Authorization: <token>
Content-Type: application/json;charset=utf-8
}
}
As you can see, the keyword "Bearer" is missing from the Authorization header.
The strange thing is that this request was successful, and Graph did not require the keyword.
My question is basically this:
Why was this request successful and are there any security concerns or flaws highlighted by this success?
Thanks,
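To locate outliers like the one above in a capture of outgoing requests, here is an added example (not from the original post) of a strict check that tells a well-formed "Bearer <token>" header apart from a bare token with no scheme. It assumes the RFC 6750 grammar for Bearer credentials; the sample requests are constructed, not real traffic.

```python
"""Strict Authorization-header audit for outgoing Graph requests (added example).

Assumes RFC 6750 section 2.1: credentials = "Bearer" 1*SP b64token.
The sample requests at the bottom are constructed, not captured traffic.
"""
import re
from typing import Optional

# b64token = 1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
_BEARER = re.compile(r"^Bearer +([A-Za-z0-9\-._~+/]+=*)$", re.IGNORECASE)
# Any RFC 7235 auth-scheme token followed by at least one space and a credential.
_ANY_SCHEME = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+ +\S")


def parse_bearer(value: Optional[str]) -> Optional[str]:
    """Return the token if value is a well-formed Bearer credential, else None."""
    if value is None:
        return None
    m = _BEARER.match(value.strip())
    return m.group(1) if m else None


def classify_authorization(value: Optional[str]) -> str:
    """'bearer': "Bearer <token>" as intended; 'bare-token': credential with no
    scheme (the case in the question); 'other-scheme': e.g. Basic; 'missing': no header."""
    if not value or not value.strip():
        return "missing"
    if parse_bearer(value) is not None:
        return "bearer"
    if _ANY_SCHEME.match(value.strip()):
        return "other-scheme"
    return "bare-token"


def audit_requests(requests):
    """Return (method, uri, kind) for every request whose Authorization header
    is not a proper Bearer credential, so the outlier can be found in a capture."""
    findings = []
    for req in requests:
        kind = classify_authorization(req.get("headers", {}).get("Authorization"))
        if kind != "bearer":
            findings.append((req["method"], req["uri"], kind))
    return findings


# Constructed sample: one well-formed request and one shaped like the post's outlier.
SAMPLE_REQUESTS = [
    {"method": "GET", "uri": "https://graph.microsoft.com/v1.0/me/drive/root/children",
     "headers": {"Authorization": "Bearer eyJ0eXAiOiJKV1QifQ.e30.abc"}},
    {"method": "POST", "uri": "https://graph.microsoft.com/beta/<tenantid>/groups/<groupid>/drive/items/<folderid>/children/",
     "headers": {"Authorization": "eyJ0eXAiOiJKV1QifQ.e30.abc"}},
]

if __name__ == "__main__":
    for finding in audit_requests(SAMPLE_REQUESTS):
        print(finding)
```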