diff --git a/moonraker/components/authorization.py b/moonraker/components/authorization.py
index c64c47e..1dcfb9a 100644
--- a/moonraker/components/authorization.py
+++ b/moonraker/components/authorization.py
@@ -526,17 +526,22 @@ class Authorization:
         auth_token: Optional[str] = request.headers.get("Authorization")
         if auth_token is None:
             auth_token = request.headers.get("X-Access-Token")
-        if auth_token and auth_token.startswith("Bearer "):
-            auth_token = auth_token[7:]
+            if auth_token is None:
+                qtoken = request.query_arguments.get('access_token', None)
+                if qtoken is not None:
+                    auth_token = qtoken[-1].decode()
         else:
-            qtoken = request.query_arguments.get('access_token', None)
-            if qtoken is not None:
-                auth_token = qtoken[-1].decode()
+            if auth_token.startswith("Bearer "):
+                auth_token = auth_token[7:]
+            else:
+                raise HTTPError(
+                    401, f"Invalid Authorization Header: {auth_token}")
         if auth_token:
             try:
                 return self._decode_jwt(auth_token)
-            except Exception as e:
-                raise HTTPError(401, str(e))
+            except Exception:
+                logging.exception(f"JWT Decode Error {auth_token}")
+                raise HTTPError(401, f"Error decoding JWT: {auth_token}")
         return None
 
     def _check_authorized_ip(self, ip: IPAddr) -> bool: