From a3e819548995fd71f985ea21ccb63171791fe249 Mon Sep 17 00:00:00 2001
From: Oleksandr Redko <oleksandr.red+github@gmail.com>
Date: Fri, 24 Oct 2025 11:44:06 +0300
Subject: [PATCH] test: Ensure Authorization is not set with empty token

---
 github/github_test.go | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/github/github_test.go b/github/github_test.go
index ec9af05a5dd..394741e5694 100644
--- a/github/github_test.go
+++ b/github/github_test.go
@@ -395,6 +395,26 @@ func TestWithAuthToken(t *testing.T) {
 		t.Parallel()
 		validate(t, NewTokenClient(t.Context(), token).Client(), token)
 	})
+
+	t.Run("do not set Authorization when empty token", func(t *testing.T) {
+		t.Parallel()
+		c := new(Client).WithAuthToken("")
+
+		gotReq := false
+		ifAuthorizationSet := false
+		srv := httptest.NewServer(http.HandlerFunc(func(_ http.ResponseWriter, r *http.Request) {
+			gotReq = true
+			_, ifAuthorizationSet = r.Header["Authorization"]
+		}))
+		_, err := c.client.Get(srv.URL)
+		assertNilError(t, err)
+		if !gotReq {
+			t.Error("request not sent")
+		}
+		if ifAuthorizationSet {
+			t.Error("The header 'Authorization' must not be set")
+		}
+	})
 }
 
 func TestWithEnterpriseURLs(t *testing.T) {