i never claimed to be a cybersecurity wizard...

GreemDev · GreemDev · commit 8094e5a96096 · 2025-12-24T00:19:37.000-06:00
diff --git a/src/Server/Controllers/Api/v1/Admin/RefreshCacheController.cs b/src/Server/Controllers/Api/v1/Admin/RefreshCacheController.cs
@@ -33,7 +33,7 @@ public async Task<ActionResult> Action([FromQuery] string rc)
             return Problem(
                 $"Unknown release channel '{rc}'; valid are '{Constants.StableRoute}' and '{Constants.CanaryRoute}'", statusCode: 404);
 
-        if (!AdminEndpointMetadata.AccessToken.EqualsIgnoreCase(HttpContext.Request.Headers.Authorization))
+        if (!AdminEndpointMetadata.AccessToken.Equals(adminAccessToken))
             return Unauthorized();
 
         var minutesSinceLastRefresh = (DateTimeOffset.Now - LastRefreshes[releaseChannel]).TotalMinutes;
diff --git a/src/Server/Controllers/Api/v1/Admin/VersioningController.cs b/src/Server/Controllers/Api/v1/Admin/VersioningController.cs
@@ -71,7 +71,7 @@ public async Task<ActionResult> Increment([FromQuery] string rc)
                 $"Unknown release channel '{rc}'; valid are '{Constants.StableRoute}' and '{Constants.CanaryRoute}'",
                 statusCode: 404);
 
-        if (!AdminEndpointMetadata.AccessToken.EqualsIgnoreCase(HttpContext.Request.Headers.Authorization))
+        if (!AdminEndpointMetadata.AccessToken.Equals(adminAccessToken))
             return Unauthorized();
 
         var versionProviderService = HttpContext.RequestServices
@@ -99,7 +99,7 @@ public async Task<ActionResult> Advance()
                 statusCode: 418);
 
 
-        if (!AdminEndpointMetadata.AccessToken.EqualsIgnoreCase(HttpContext.Request.Headers.Authorization))
+        if (!AdminEndpointMetadata.AccessToken.Equals(adminAccessToken))
             return Unauthorized();
 
         var versionProviderService = HttpContext.RequestServices
