From 71fa51f69adabcd95861a25ef8190456f259e03c Mon Sep 17 00:00:00 2001
From: norohind <60548839+norohind@users.noreply.github.com>
Date: Wed, 8 Dec 2021 18:02:17 +0300
Subject: [PATCH] secret as header, not cookie
---
 web.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/web.py b/web.py
index ce49072..ad0c198 100644
--- a/web.py
+++ b/web.py
@@ -11,9 +11,9 @@ logger.propagate = False
 def check_secret(req: falcon.request.Request, resp: falcon.response.Response, resource, params) -> None:
- cookies_secret = req.get_cookie_values('key')
+ cookies_secret = req.headers.get('AUTH')
- if cookies_secret is None or cookies_secret[0] != config.access_key:
+ if cookies_secret != config.access_key:
 raise falcon.HTTPForbidden
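Review bot: Dropping the `is None` guard in `check_secret` lets the check fail open if `config.access_key` is ever unset or `None`. A request with no `AUTH` header gives `None`, and `None != None` is false, so `HTTPForbidden` is never raised; how `access_key` is loaded is not visible in this hunk, so confirm it can never be empty. The plain `!=` on the secret is also not a constant-time comparison. Suggest `if not cookies_secret or not hmac.compare_digest(cookies_secret.encode(), config.access_key.encode()):` with `import hmac` added to web.py's imports, which are outside the hunk. The local name `cookies_secret` is stale now that the value comes from a header, and `req.get_header('AUTH')` would avoid depending on how the raw `req.headers` dict cases its keys.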