fix: ensure custom headers are ignored when using bearer or basic authorization (#23584)

Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
2025-08-14 10:18:12 +08:00 · 2025-08-14 10:18:12 +08:00 · 9e29309ffd
commit 9e29309ffd
parent e0f0813b7c
2 changed files with 178 additions and 1 deletions
--- a/api/core/workflow/nodes/http_request/executor.py
+++ b/api/core/workflow/nodes/http_request/executor.py
@ -276,7 +276,8 @@ class Executor:
                    encoded_credentials = credentials
                headers[authorization.config.header] = f"Basic {encoded_credentials}"
            elif self.auth.config.type == "custom":
-                headers[authorization.config.header] = authorization.config.api_key or ""
+                if authorization.config.header and authorization.config.api_key:
+                    headers[authorization.config.header] = authorization.config.api_key

        # Handle Content-Type for multipart/form-data requests
        # Fix for issue #23829: Missing boundary when using multipart/form-data