diff --git a/cmd/csaf_provider/controller.go b/cmd/csaf_provider/controller.go
index 8d54e52..081b1bf 100644
--- a/cmd/csaf_provider/controller.go
+++ b/cmd/csaf_provider/controller.go
@@ -80,9 +80,9 @@ func (c *controller) auth(
 			http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 			return
 		} else {
-		    hash := r.Header.Get("X-CSAF-PROVIDER-AUTH")
-		    if !c.cfg.checkPassword(hash) {
-			    http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
+			hash := r.Header.Get("X-CSAF-PROVIDER-AUTH")
+			if !c.cfg.checkPassword(hash) {
+				http.Error(rw, http.StatusText(http.StatusForbidden), http.StatusForbidden)
 				return
 			}
 		}