diff --git a/src/server/base.ts b/src/server/base.ts
index e70f6a0..b6e964a 100644
--- a/src/server/base.ts
+++ b/src/server/base.ts
@@ -1011,7 +1011,7 @@ export abstract class Server {
     await Promise.all(deletes);
 
     debug(
-      'updating storage manifest to version=%j for=%j',
+      'updating storage manifest to version=%d for=%j',
       manifest.version,
       device.debugId,
     );
diff --git a/src/server/ws/connection.ts b/src/server/ws/connection.ts
index 4ab9254..9d596b5 100644
--- a/src/server/ws/connection.ts
+++ b/src/server/ws/connection.ts
@@ -1015,8 +1015,10 @@ export class Connection extends Service {
     }
 
     if (path === '/v1/websocket/') {
+      await this.handleAuthHeaders(this.request.headers);
       return;
     }
+
     debug('websocket connection has unexpected URL %s', url);
   }
 
@@ -1080,11 +1082,21 @@ export class Connection extends Service {
       return;
     }
 
+    await this.handleAuthHeaders(headers);
+  }
+
+  private async handleAuthHeaders(
+    headers: Record<string, string | Array<string> | undefined>,
+  ) {
     const authHeaders = headers.authorization;
-    if (!authHeaders) {
+    if (authHeaders === undefined) {
       debug('Websocket connection does not include Authorization header');
       return;
     }
+    if (Array.isArray(authHeaders)) {
+      debug('Websocket connection includes multiple Authorization headers');
+      return;
+    }
     const { error, username, password } = parseAuthHeader(authHeaders, {
       allowEmptyPassword: true,
     });