From e3d7401a32a46516c9e5ee877e613e62ed35bddc Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 6 Mar 2026 23:13:07 +0100
Subject: [PATCH] http: only send bearer if auth is allowed

Verify with test 2006

Closes #20843
---
 lib/http.c             |  1 +
 tests/data/Makefile.am |  2 +-
 tests/data/test2006    | 98 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 100 insertions(+), 1 deletion(-)
 create mode 100644 tests/data/test2006

Index: curl-8.0.1/lib/http.c
===================================================================
--- curl-8.0.1.orig/lib/http.c
+++ curl-8.0.1/lib/http.c
@@ -796,6 +796,7 @@ output_auth_headers(struct Curl_easy *da
   if(authstatus->picked == CURLAUTH_BEARER) {
     /* Bearer */
     if((!proxy && data->set.str[STRING_BEARER] &&
+        Curl_auth_allowed_to_host(data) &&
         !Curl_checkheaders(data, STRCONST("Authorization")))) {
       auth = "Bearer";
       result = http_output_bearer(data);