diff --git a/docker-compose.yml b/docker-compose.yml
index 6e6c46cf..e4e0486a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -3,7 +3,7 @@ services:
     gateway:
         ports:
             - 8080:8080
-        image: openfaas/gateway:0.13.7-rc4
+        image: openfaas/gateway:0.13.7-rc5
         networks:
             - functions
         environment:
diff --git a/gateway/handlers/basic_auth_injector.go b/gateway/handlers/basic_auth_injector.go
new file mode 100644
index 00000000..83fc0220
--- /dev/null
+++ b/gateway/handlers/basic_auth_injector.go
@@ -0,0 +1,20 @@
+// Copyright (c) OpenFaaS Author(s). All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+package handlers
+
+import (
+	"net/http"
+
+	"github.com/openfaas/faas-provider/auth"
+)
+
+type BasicAuthInjector struct {
+	Credentials *auth.BasicAuthCredentials
+}
+
+func (b BasicAuthInjector) Inject(r *http.Request) {
+	if r != nil && b.Credentials != nil {
+		r.SetBasicAuth(b.Credentials.User, b.Credentials.Password)
+	}
+}
diff --git a/gateway/handlers/basic_auth_injector_test.go b/gateway/handlers/basic_auth_injector_test.go
new file mode 100644
index 00000000..850bfab5
--- /dev/null
+++ b/gateway/handlers/basic_auth_injector_test.go
@@ -0,0 +1,21 @@
+// Copyright (c) OpenFaaS Author(s). All rights reserved.
+// Licensed under the MIT license. See LICENSE file in the project root for full license information.
+
+package handlers
+
+import (
+	"net/http"
+	"net/http/httptest"
+	"testing"
+)
+
+func Test_Inject_WithNilRequestAndNilCredentials(t *testing.T) {
+	injector := BasicAuthInjector{}
+	injector.Inject(nil)
+}
+
+func Test_Inject_WithRequestButNilCredentials(t *testing.T) {
+	injector := BasicAuthInjector{}
+	req := httptest.NewRequest(http.MethodGet, "/", nil)
+	injector.Inject(req)
+}
diff --git a/gateway/server.go b/gateway/server.go
index 6b3630fc..3945def7 100644
--- a/gateway/server.go
+++ b/gateway/server.go
@@ -89,7 +89,11 @@ func main() {
 		functionURLTransformer = nilURLTransformer
 	}
 
-	serviceAuthInjector := &BasicAuthInjector{Credentials: credentials}
+	var serviceAuthInjector handlers.AuthInjector
+
+	if config.UseBasicAuth {
+		serviceAuthInjector = &handlers.BasicAuthInjector{Credentials: credentials}
+	}
 
 	decorateExternalAuth := handlers.MakeExternalAuthHandler
 
@@ -257,11 +261,3 @@ func runMetricsServer() {
 
 	log.Fatal(s.ListenAndServe())
 }
-
-type BasicAuthInjector struct {
-	Credentials *auth.BasicAuthCredentials
-}
-
-func (b BasicAuthInjector) Inject(r *http.Request) {
-	r.SetBasicAuth(b.Credentials.User, b.Credentials.Password)
-}