From ae8189cc62961f79ea935b603ecf9d358c98aaf5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?K=C3=A9vin=20Chalet?= <kevinchalet@gmail.com>
Date: Sun, 25 Jun 2023 05:25:27 +0200
Subject: [PATCH] Use HttpHeaders.Add() instead of TryAddWithoutValidation()

---
 .../OpenIddictClientWebIntegrationHandlers.Userinfo.cs          | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs
index b529c04f..ffe51b51 100644
--- a/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs
+++ b/src/OpenIddict.Client.WebIntegration/OpenIddictClientWebIntegrationHandlers.Userinfo.cs
@@ -129,7 +129,7 @@ public static partial class OpenIddictClientWebIntegrationHandlers
                 // Shopify requires using the non-standard "X-Shopify-Access-Token" header.
                 else if (context.Registration.ProviderType is ProviderTypes.Shopify)
                 {
-                    request.Headers.TryAddWithoutValidation("X-Shopify-Access-Token", request.Headers.Authorization?.Parameter);
+                    request.Headers.Add("X-Shopify-Access-Token", request.Headers.Authorization?.Parameter);
 
                     // Remove the access token from the request headers to ensure it's not sent twice.
                     request.Headers.Authorization = null;