

Timestamp:
10/27/2020 06:30:03 PM (4 years ago)
Author:
TimothyBlynJacobs
Message:

Site Health, App Passwords: Test if the Authorization header is populated correctly.

App Passwords rely on the Authorization header to transport the Basic Auth credentials. For Apache web servers, WordPress automatically includes a RewriteRule to populate the value for servers running in CGI or FastCGI that wouldn't ordinarily populate the value.

This tests if the header is being filled with the expected values. For Apache users, we direct the user to visit the Permalinks settings to flush their permalinks. For all other users, we direct them to a help document on developer.wordpress.org.

Props Clorith, marybaum, TimothyBlynJacobs.
Fixes #51638.

File:
1 edited

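--- a/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-site-health-controller.php
+++ b/trunk/src/wp-includes/rest-api/endpoints/class-wp-rest-site-health-controller.php
@@ -99,4 +99,23 @@
                     'permission_callback' => function () {
                         return $this->validate_request_permission( 'dotorg_communication' );
+                    },
+                ),
+                'schema' => array( $this, 'get_public_item_schema' ),
+            )
+        );
+
+        register_rest_route(
+            $this->namespace,
+            sprintf(
+                '/%s/%s',
+                $this->rest_base,
+                'authorization-header'
+            ),
+            array(
+                array(
+                    'methods'             => 'GET',
+                    'callback'            => array( $this, 'test_authorization_header' ),
+                    'permission_callback' => function () {
+                        return $this->validate_request_permission( 'authorization_header' );
                     },
                 ),
@@ -176,4 +195,15 @@
     public function test_loopback_requests() {
         return $this->site_health->get_test_loopback_requests();
+    }
+
+    /**
+     * Checks that the authorization header is valid.
+     *
+     * @since 5.6.0
+     *
+     * @return array
+     */
+    public function test_authorization_header() {
+        return $this->site_health->get_test_authorization_header();
     }
 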
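Review bot: The docblock on `test_authorization_header()` says the header "is valid", but per the commit message the test only establishes whether the web server passes the Authorization header through to PHP with the expected values; nothing on this path authenticates a credential. I would reword the summary to `Checks that the Authorization header sent with the request reaches PHP unchanged.` and expand the return tag to `@return array The Site Health test result.` so a passing result is not read as proof that App Password authentication works end to end. The actual comparison is delegated to `get_test_authorization_header()`, which is not part of this changeset view, so it is worth confirming there that the result reports only pass or fail and never echoes the received header value back in the REST response.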