From 92795b2fc9e3fdcf3eff9ed93398c7c80d461dd8 Mon Sep 17 00:00:00 2001
From: Zachary N <zwnathoo@ualberta.ca>
Date: Mon, 25 Sep 2023 21:09:12 -0600
Subject: [PATCH 1/2] Add url encoding to header

---
 src/utils/authentication.ts | 11 +++++------
 1 file changed, 5 insertions(+), 6 deletions(-)

diff --git a/src/utils/authentication.ts b/src/utils/authentication.ts
index 8ff0c95de..60c7cc53f 100644
--- a/src/utils/authentication.ts
+++ b/src/utils/authentication.ts
@@ -9,12 +9,11 @@ import type { ClientInfo, DeviceInfo } from '../models';
  * Returns a valid authorization header string.
  */
 export function getAuthorizationHeader(clientInfo: ClientInfo, deviceInfo: DeviceInfo, accessToken = ''): string {
-	// TODO: We should ensure values are properly escaped
 	return [
-		`MediaBrowser Client="${clientInfo.name}"`,
-		`Device="${deviceInfo.name}"`,
-		`DeviceId="${deviceInfo.id}"`,
-		`Version="${clientInfo.version}"`,
-		`Token="${accessToken}"`
+		`MediaBrowser Client="${encodeURI(clientInfo.name)}"`,
+		`Device="${encodeURI(deviceInfo.name)}"`,
+		`DeviceId="${encodeURI(deviceInfo.id)}"`,
+		`Version="${encodeURI(clientInfo.version)}"`,
+		`Token="${encodeURI(accessToken)}"`
 	].join(', ');
 }

From bcb06422c68693ef2baee7e0fbad1db30f4e4215 Mon Sep 17 00:00:00 2001
From: Zachary N <zwnathoo@ualberta.ca>
Date: Tue, 26 Sep 2023 08:00:01 -0600
Subject: [PATCH 2/2] Fix header url encoding

---
 src/utils/authentication.ts | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/utils/authentication.ts b/src/utils/authentication.ts
index 60c7cc53f..e3b0257b6 100644
--- a/src/utils/authentication.ts
+++ b/src/utils/authentication.ts
@@ -10,10 +10,10 @@ import type { ClientInfo, DeviceInfo } from '../models';
  */
 export function getAuthorizationHeader(clientInfo: ClientInfo, deviceInfo: DeviceInfo, accessToken = ''): string {
 	return [
-		`MediaBrowser Client="${encodeURI(clientInfo.name)}"`,
-		`Device="${encodeURI(deviceInfo.name)}"`,
-		`DeviceId="${encodeURI(deviceInfo.id)}"`,
-		`Version="${encodeURI(clientInfo.version)}"`,
-		`Token="${encodeURI(accessToken)}"`
+		`MediaBrowser Client="${encodeURIComponent(clientInfo.name)}"`,
+		`Device="${encodeURIComponent(deviceInfo.name)}"`,
+		`DeviceId="${encodeURIComponent(deviceInfo.id)}"`,
+		`Version="${encodeURIComponent(clientInfo.version)}"`,
+		`Token="${encodeURIComponent(accessToken)}"`
 	].join(', ');
 }