Opened 8 years ago
Closed 4 years ago
#39224 closed enhancement (worksforme)
Add Authorization header compatibility workaround to default htaccess
Reported by: | Lucas_Lobosque | Owned by: | |
---|---|---|---|
Milestone: | Priority: | normal | |
Severity: | normal | Version: | 4.7 |
Component: | REST API | Keywords: | |
Focuses: | rest-api | Cc: |
Description (last modified by )
Bottom Line: The Authentication header is unreliable and get dropped by most servers unless a modification is made to .htaccess
As per https://github.com/WP-API/WP-API/issues/2512 this was a known issue but it was decided to take no action - "just configure your server the right way".
But I wonder why not fix this issue by updating the default .htaccess to pass through the Authentication header?
The REST API allows a whole new level of interaction with wordpress based websites that was not possible before. However, most WordPress Users do not even know what .htaccess is! So lacking the hability to make it work by just installing plugins kind of undermines the whole premise of the REST API.
The fix is described here: https://github.com/WP-API/Basic-Auth/issues/35
Change History (3)
#1
@
8 years ago
- Milestone changed from Awaiting Review to Future Release
- Summary changed from Wordpress REST API and Authentication header to Add Authorization header compatibility workaround to default htaccess
- Type changed from defect (bug) to enhancement
Right now, there's no authentication schemes (apart from regular cookie auth) built in to WordPress, so this isn't needed in core. Eventually, it should be added to our default .htaccess modifications (assuming it's safe to do so), but it's not a core issue right now.
Milestoning for Future Release so it's around when we do actually include authentication. :)