From 778240739474fc0900074f1d03b83d84240f0356 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Thu, 10 Jul 2025 15:43:28 +0000
Subject: [PATCH] Introduced protections against HTTP header injection / smuggling attacks

---
 .../software/proprietary/security/service/JWTService.java | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/proprietary/src/main/java/stirling/software/proprietary/security/service/JWTService.java b/proprietary/src/main/java/stirling/software/proprietary/security/service/JWTService.java
index 2872309de..d35ea3fbe 100644
--- a/proprietary/src/main/java/stirling/software/proprietary/security/service/JWTService.java
+++ b/proprietary/src/main/java/stirling/software/proprietary/security/service/JWTService.java
@@ -1,5 +1,6 @@
 package stirling.software.proprietary.security.service;
 
+import io.github.pixee.security.Newlines;
 import java.security.KeyPair;
 import java.util.Date;
 import java.util.HashMap;
@@ -150,7 +151,7 @@ public class JWTService implements JWTServiceInterface {
     @Override
     public void addTokenToResponse(HttpServletResponse response, String token) {
-        response.setHeader(AUTHORIZATION_HEADER, BEARER_PREFIX + token);
+        response.setHeader(AUTHORIZATION_HEADER, Newlines.stripAll(BEARER_PREFIX + token));
         ResponseCookie cookie = ResponseCookie.from(JWT_COOKIE_NAME, token)
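Review bot: The added `import io.github.pixee.security.Newlines;` introduces a new third-party package, yet the diffstat above lists only JWTService.java as changed, so this patch declares the dependency in no build file; unless the artifact providing that package is already on the classpath, the module will not compile. The dependency should land in the same commit in the build descriptor, with an explicit pinned version, so the new supply-chain surface is reviewed together with the code that relies on it. The only call site of `Newlines` is in the second hunk, whose enclosing method `addTokenToResponse` runs past the end of the visible patch.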