Make WordPress Core

Changeset 51057


Timestamp: 06/02/2021 12:50:53 AM (3 years ago)
Author: Clorith
Message:

Site Health: Conditionally run Authorization header test.

The test to confirm if Authorization headers can be used and recognized by WordPress needs to include a username and password combination that WordPress can compare against during the testing phase. The inclusion of credentials here would unfortunately also invalidate any existing basic auth session for the site, for example if the user had added this as an extra layer of security on their back-end.

This test is now skipped if the wp_is_site_protected_by_basic_auth() function detects that basic auth is being used, since the act of using basic auth to access the site confirms that this feature is working as expected in the first place.

Props WebDragon, TimothyBlynJacobs, costdev.
Fixes #52642.

File:
1 edited

  • trunk/src/wp-admin/includes/class-wp-site-health.php

    r50939 r51057  
    23492349                    'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_https_status' ),
    23502350                ),
    2351                 'authorization_header' => array(
     2351            ),
     2352        );
     2353
     2354        // Conditionally include Authorization header test if the site isn't protected by Basic Auth.
     2355        if ( function_exists( 'wp_is_site_protected_by_basic_auth' ) ) {
     2356            if ( ! wp_is_site_protected_by_basic_auth() ) {
     2357                $tests['async']['authorization_header'] = array(
    23522358                    'label'     => __( 'Authorization header' ),
    23532359                    'test'      => rest_url( 'wp-site-health/v1/tests/authorization-header' ),
     
    23552361                    'headers'   => array( 'Authorization' => 'Basic ' . base64_encode( 'user:pwd' ) ),
    23562362                    'skip_cron' => true,
    2357                 ),
    2358             ),
    2359         );
     2363                );
     2364            }
     2365        }
    23602366
    23612367        // Conditionally include REST rules if the function for it exists.
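Review bot: the two nested conditions at new lines 2355-2356 can be written as one, `if ( function_exists( 'wp_is_site_protected_by_basic_auth' ) && ! wp_is_site_protected_by_basic_auth() )`, which removes an indentation level from the array assignment that follows. The comment at 2354 should also say why the test is skipped: the request sends `'Authorization' => 'Basic ' . base64_encode( 'user:pwd' )`, and the commit message explains that including these credentials invalidates an existing basic auth session, but nothing in the code records that reason. As written, the test is also omitted whenever `wp_is_site_protected_by_basic_auth` does not exist, a case the comment does not mention; state in the comment whether skipping is the intended fallback there.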