From d5b58b31465774e79d4ddb8720f9a22481495f18 Mon Sep 17 00:00:00 2001
From: Toby Zerner <toby.zerner@gmail.com>
Date: Mon, 14 Sep 2015 14:49:11 +0930
Subject: [PATCH] Only set XHR authorization header if token isn't empty

---
 js/lib/Session.js | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/js/lib/Session.js b/js/lib/Session.js
index 28b7ec40b..a6c121b49 100644
--- a/js/lib/Session.js
+++ b/js/lib/Session.js
@@ -16,6 +16,7 @@ export default class Session {
      * The token that was used for authentication.
      *
      * @type {String|null}
+     * @public
      */
     this.token = token;
   }
@@ -26,6 +27,7 @@ export default class Session {
    * @param {String} identification The username/email.
    * @param {String} password
    * @return {Promise}
+   * @public
    */
   login(identification, password) {
     return app.request({
@@ -38,6 +40,8 @@ export default class Session {
 
   /**
    * Log the user out.
+   *
+   * @public
    */
   logout() {
     window.location = app.forum.attribute('baseUrl') + '/logout?token=' + this.token;
@@ -48,8 +52,11 @@ export default class Session {
    * XMLHttpRequest object.
    *
    * @param {XMLHttpRequest} xhr
+   * @public
    */
   authorize(xhr) {
-    xhr.setRequestHeader('Authorization', 'Token ' + this.token);
+    if (this.token) {
+      xhr.setRequestHeader('Authorization', 'Token ' + this.token);
+    }
   }
 }