Index: src/wp-includes/rest-api.php
===================================================================
--- src/wp-includes/rest-api.php	(revision 42354)
+++ src/wp-includes/rest-api.php	(working copy)
@@ -241,6 +241,7 @@
  * @since 4.4.0
  *
  * @global WP             $wp             Current WordPress environment instance.
+ * @global WP_User|null   $user           Current WordPress User.
  */
 function rest_api_loaded() {
 	if ( empty( $GLOBALS['wp']->query_vars['rest_route'] ) ) {
@@ -255,6 +256,16 @@
 	 */
 	define( 'REST_REQUEST', true );
 
+	// Determine the user that the request should be run under (if any).
+	if ( isset( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] ) ) {
+		// We are explicitly only accepting HTTP Basic Auth for HTTPS requests.
+		if ( ! is_ssl() ) {
+			wp_send_json_error( __( 'HTTP Basic Auth is unavailable for non-HTTPS requests.' ), 403 );
+			die();
+		}
+		$GLOBALS['user'] = wp_authenticate( $_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'] );
+	}
+
 	// Initialize the server.
 	$server = rest_get_server();