From 7d9fc0ce0c31f22457485a9ff33e0839aaca1254 Mon Sep 17 00:00:00 2001
From: Inverle <inverle@proton.me>
Date: Mon, 30 Jun 2025 09:51:31 +0200
Subject: Fix multiple auth headers bug (#7703)

Fix https://github.com/FreshRSS/FreshRSS/issues/7699
---
 lib/lib_rss.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 9d315a26d..196ab06a4 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -856,7 +856,7 @@ function checkTrustedIP(): bool {
 }
 
 function httpAuthUser(bool $onlyTrusted = true): string {
-	$auths = array_intersect_key($_SERVER, ['REMOTE_USER' => '', 'REDIRECT_REMOTE_USER' => '', 'HTTP_REMOTE_USER' => '', 'HTTP_X_WEBAUTH_USER' => '']);
+	$auths = array_unique(array_intersect_key($_SERVER, ['REMOTE_USER' => '', 'REDIRECT_REMOTE_USER' => '', 'HTTP_REMOTE_USER' => '', 'HTTP_X_WEBAUTH_USER' => '']));
 	if (count($auths) > 1) {
 		Minz_Log::warning('Multiple HTTP authentication headers!');
 		return '';
-- 
cgit v1.2.3