From b39c46eeac36d65eaaf18bdbaa29ba86d9cea26c Mon Sep 17 00:00:00 2001
From: James Gowdy <jgowdy@elastic.co>
Date: Mon, 20 Jul 2020 09:30:06 +0100
Subject: [PATCH] [ML] Disabling secondary auth headers when security is
 disabled (#72371)

Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
---
 x-pack/plugins/ml/server/lib/request_authorization.ts | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/x-pack/plugins/ml/server/lib/request_authorization.ts b/x-pack/plugins/ml/server/lib/request_authorization.ts
index 01df0900b96f..d40909a3a3a4 100644
--- a/x-pack/plugins/ml/server/lib/request_authorization.ts
+++ b/x-pack/plugins/ml/server/lib/request_authorization.ts
@@ -7,7 +7,9 @@
 import { KibanaRequest } from 'kibana/server';
 
 export function getAuthorizationHeader(request: KibanaRequest) {
-  return {
-    headers: { 'es-secondary-authorization': request.headers.authorization },
-  };
+  return request.headers.authorization === undefined
+    ? {}
+    : {
+        headers: { 'es-secondary-authorization': request.headers.authorization },
+      };
 }