From 4b6c25d4bc33d49097320e29e6e5705b12e9d6ef Mon Sep 17 00:00:00 2001
From: Jordi Boggiano <j.boggiano@seld.be>
Date: Tue, 14 Jan 2020 15:35:52 +0100
Subject: [PATCH] Use Authorization header instead of deprecated access_token
 query param, fixes #8454

---
 src/Composer/Util/RemoteFilesystem.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Composer/Util/RemoteFilesystem.php b/src/Composer/Util/RemoteFilesystem.php
index 6d343f7a1..4885b7530 100644
--- a/src/Composer/Util/RemoteFilesystem.php
+++ b/src/Composer/Util/RemoteFilesystem.php
@@ -278,7 +278,7 @@ class RemoteFilesystem
         if (isset($options['github-token'])) {
             // only add the access_token if it is actually a github URL (in case we were redirected to S3)
             if (preg_match('{^https?://([a-z0-9-]+\.)*github\.com/}', $fileUrl)) {
-                $fileUrl .= (false === strpos($fileUrl, '?') ? '?' : '&') . 'access_token='.$options['github-token'];
+                $options['http']['header'][] = 'Authorization: token '.$options['github-token'];
             }
             unset($options['github-token']);
         }