fastify / fastify-jwt

JWT utils for Fastify
MIT License

If `authorization` is not of type Bearer, ignore it and check the cookie #318

Closed cberescu closed 10 months ago

cberescu commented 11 months ago

Prerequisites

🚀 Feature Proposal

I think it would help for the authorization header to be skipped if it is not Bearer type. No reason to throw an error if it is not the expected format.
Easiest way to do it is to change this line `if ((request.headers && request.headers.authorization) && (!onlyCookie))` into `if ((request.headers && request.headers.authorization) && (!onlyCookie) && (/^Bearer/i.test(request.headers.authorization)))`

Motivation

A good example is if you are also using Basic auth on the same domain.

Example

No response
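The behaviour proposed above, as a stand-alone illustration (an added example, not fastify-jwt's code and not code from this thread): a non-Bearer `Authorization` header is skipped in favour of the cookie, while a header that does claim the Bearer scheme but is malformed is still rejected. The names `extractToken`, `skipNonBearer`, `cookieName` and the `request.cookies` shape are assumptions made for the example.

```javascript
// Hypothetical helper for illustration; not the plugin's implementation.
// Matches the Bearer scheme as a whole word followed by exactly one token.
// The prefix test proposed in the issue, /^Bearer/i, would also accept a
// header such as "BearerXYZ abc", so this example compares the scheme exactly.
const BEARER_RE = /^Bearer\s+(\S+)$/i;

function extractToken(request, options = {}) {
  const { onlyCookie = false, cookieName = 'token', skipNonBearer = true } = options;
  const raw = request.headers && request.headers.authorization;
  const cookie = request.cookies && request.cookies[cookieName];

  if (raw && !onlyCookie) {
    const header = raw.trim();
    const scheme = header.split(/\s+/, 1)[0];

    if (/^Bearer$/i.test(scheme)) {
      // The client chose Bearer: a malformed value is an error, and must not
      // silently fall back to the cookie.
      const match = BEARER_RE.exec(header);
      if (!match) throw new Error('Malformed Bearer authorization header');
      return { token: match[1], source: 'header' };
    }

    // Another scheme (for example Basic auth on the same domain).
    if (!skipNonBearer) {
      throw new Error('Unsupported authorization scheme: ' + scheme);
    }
    // skipNonBearer: ignore the header and continue with the cookie.
  }

  if (cookie) return { token: cookie, source: 'cookie' };
  throw new Error('No token in Authorization header or cookie');
}

// Constructed sample request: Basic auth header plus a JWT cookie.
const sampleRequest = {
  headers: { authorization: 'Basic dXNlcjpwYXNz' },
  cookies: { token: 'aaa.bbb.ccc' },
};
console.log(extractToken(sampleRequest));
```

With `skipNonBearer: false` the same request throws, which corresponds to the behaviour the issue asks to change.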

mcollina commented 10 months ago

Thanks for reporting! Would you like to send a Pull Request to address this issue? Remember to add unit tests.