Don't send token in Authorization header when it is null/empty

[artpar]

Turned out to be a problem when using a 3rd party auth middleware

daptin/daptin#133 (comment)