From 2456ee8c5b8977359bac556566dbed515af9c812 Mon Sep 17 00:00:00 2001
From: Weves <chrisweaver101@gmail.com>
Date: Wed, 30 Oct 2024 11:52:20 -0700
Subject: [PATCH] Add alternative auth header

---
 backend/ee/danswer/auth/api_key.py | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/backend/ee/danswer/auth/api_key.py b/backend/ee/danswer/auth/api_key.py
index d4f99d13891..74e391ad1da 100644
--- a/backend/ee/danswer/auth/api_key.py
+++ b/backend/ee/danswer/auth/api_key.py
@@ -10,6 +10,11 @@
 
 
 _API_KEY_HEADER_NAME = "Authorization"
+# NOTE for others who are curious: In the context of a header, "X-" often refers
+# to non-standard, experimental, or custom headers in HTTP or other protocols. It
+# indicates that the header is not part of the official standards defined by
+# organizations like the Internet Engineering Task Force (IETF).
+_API_KEY_HEADER_ALTERNATIVE_NAME = "X-Danswer-Authorization"
 _BEARER_PREFIX = "Bearer "
 _API_KEY_PREFIX = "dn_"
 _API_KEY_LEN = 192
@@ -43,7 +48,9 @@ def build_displayable_api_key(api_key: str) -> str:
 
 
 def get_hashed_api_key_from_request(request: Request) -> str | None:
-    raw_api_key_header = request.headers.get(_API_KEY_HEADER_NAME)
+    raw_api_key_header = request.headers.get(
+        _API_KEY_HEADER_ALTERNATIVE_NAME
+    ) or request.headers.get(_API_KEY_HEADER_NAME)
     if raw_api_key_header is None:
         return None