This is a bug as the Authorization header shouldn't take effect if no auth is configured in the webhook
Want to submit something? We're looking forward to your ideas.