From 623e5963dec18d140cf8e4f9c56a17c65367b90a Mon Sep 17 00:00:00 2001
From: jerryfletcher21 <jerryfletcher@cock.email>
Date: Thu, 26 Jun 2025 18:02:29 +0200
Subject: [PATCH] middleware cleaning

allow HTTP_AUTHORIZATION to be split just in 4
remove support for sending authorization with cookies
---
 robosats/middleware.py | 12 +-----------
 1 file changed, 1 insertion(+), 11 deletions(-)

diff --git a/robosats/middleware.py b/robosats/middleware.py
index 00fafb0e..2a3a7d46 100644
--- a/robosats/middleware.py
+++ b/robosats/middleware.py
@@ -42,12 +42,7 @@ class SplitAuthorizationHeaderMiddleware(MiddlewareMixin):
         auth_header = request.META.get("HTTP_AUTHORIZATION", "")
         split_auth = auth_header.split(" | ")
 
-        if len(split_auth) == 3:
-            # Deprecated in favor of len 4
-            request.META["HTTP_AUTHORIZATION"] = split_auth[0]
-            request.META["PUBLIC_KEY"] = split_auth[1]
-            request.META["ENCRYPTED_PRIVATE_KEY"] = split_auth[2]
-        elif len(split_auth) == 4:
+        if len(split_auth) == 4:
             request.META["HTTP_AUTHORIZATION"] = split_auth[0]
             request.META["PUBLIC_KEY"] = split_auth[1]
             request.META["ENCRYPTED_PRIVATE_KEY"] = split_auth[2]
@@ -123,11 +118,6 @@ class RobotTokenSHA256AuthenticationMiddleWare:
             ).replace("Private ", "")
             nostr_pubkey = request.META.get("NOSTR_PUBKEY", "").replace("Nostr ", "")
 
-            # Some legacy (pre-federation) clients will still send keys as cookies
-            if public_key == "" or encrypted_private_key == "":
-                public_key = request.COOKIES.get("public_key")
-                encrypted_private_key = request.COOKIES.get("encrypted_private_key", "")
-
             if not public_key or not encrypted_private_key or not nostr_pubkey:
                 return JsonResponse(
                     {