diff --git a/README.md b/README.md
index 52533ab..328d474 100644
--- a/README.md
+++ b/README.md
@@ -57,7 +57,7 @@ DNS is used for authorization of content updates.
 
 - If a `[wildcard]` configuration section is specified, and if the suffix of a hostname in a `POST` request is equal to `[wildcard].domain`, then the request is authorized when and only when the repository URL in the event body matches the repository URL computed from the configuration file. Otherwise the next rule is used.
 
-- If a `PUT` or `POST` request is received at `<hostname>` with an `Authorization: Pages <token>` header, then the request is authorized when any of the the TXT records at `_git-pages-challenge.<hostname>` are equal to `SHA256("<hostname> <token>")`.
+- If a `PUT` or `POST` request is received at `<hostname>` with an `Authorization: Pages <token>` header (or, in absence of such, with an `?Authorization=Pages+<token>` query parameter), then the request is authorized when any of the the TXT records at `_git-pages-challenge.<hostname>` are equal to `SHA256("<hostname> <token>")`.
 
 
 Architecture
diff --git a/src/pages.go b/src/pages.go
index 831580d..bc493e1 100644
--- a/src/pages.go
+++ b/src/pages.go
@@ -174,6 +174,13 @@ func postPage(w http.ResponseWriter, r *http.Request) error {
 		}
 		allowRepoURL = fmt.Sprintf(config.Wildcard.CloneURL, userName, repoName)
 	} else {
+		// GitHub and Gogs cannot supply an `Authorization:` header.
+		if r.Header.Get("Authorization") == "" {
+			if value := r.URL.Query().Get("Authorization"); value != "" {
+				r.Header.Set("Authorization", value)
+			}
+		}
+
 		if err := Authorize(w, r); err != nil {
 			return err
 		}