Proxy authentication header mistake
|Reported by:||thales.tede||Owned by:||dd32|
|Severity:||critical||Keywords:||HTTP proxy authentication|
In WP release 2.9.2, I had issues on my factory intranet that is protected from the "wild" outside internet by a gateway (proxy).
I well defined the constants WP_PROXY... in my wp-config.php, but as soon as I need a request towards internet (worpress site most likely), I got errors on authentication, while I set up the correct proxy credentials.
I finally pointed out the problem crawling into the wp-includes/http.php package.
In the "authentication_header" function of the WP_Http class, the returned string starts with 'Proxy-Authentication:' instead of 'Proxy-Authorization:'.
I just had a look to the RFC-2616 that does not mention such a header.
I guess that it is not so current to get wordpress behind a proxy, and thus not so well tested.