From 6675757d972f2f5afdf2238c1b34935c81ba6095 Mon Sep 17 00:00:00 2001
From: Michael Bromley <michael@michaelbromley.co.uk>
Date: Wed, 27 Oct 2021 22:02:45 +0200
Subject: [PATCH] fix(core): Fix polynomial regex vulnerability

Fixes https://github.com/vendure-ecommerce/vendure/security/code-scanning/19
---
 packages/core/src/api/common/extract-session-token.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/core/src/api/common/extract-session-token.ts b/packages/core/src/api/common/extract-session-token.ts
index 09ecb6915f..e95f27b3a2 100644
--- a/packages/core/src/api/common/extract-session-token.ts
+++ b/packages/core/src/api/common/extract-session-token.ts
@@ -35,7 +35,7 @@ function getFromCookie(req: Request): string | undefined {
 function getFromHeader(req: Request): string | undefined {
     const authHeader = req.get('Authorization');
     if (authHeader) {
-        const matches = authHeader.match(/bearer\s+(.+)$/i);
+        const matches = authHeader.match(/bearer\s(.+)$/i);
         if (matches) {
             return matches[1];
         }