Opened 5 years ago

Closed 13 months ago

#39224 closed enhancement (worksforme)

Add Authorization header compatibility workaround to default htaccess

Reported by: Lucas_Lobosque
Owned by:
Milestone:
Priority: normal
Severity: normal
Version: 4.7
Component: REST API
Keywords:
Focuses: rest-api
Cc:

Description (last modified by TimothyBlynJacobs)

Bottom Line: The Authentication header is unreliable and gets dropped by most servers unless a modification is made to .htaccess.
As per https://github.com/WP-API/WP-API/issues/2512 this was a known issue but it was decided to take no action - "just configure your server the right way".
But I wonder why not fix this issue by updating the default .htaccess to pass through the Authentication header?
The REST API allows a whole new level of interaction with WordPress-based websites that was not possible before. However, most WordPress users do not even know what .htaccess is! So lacking the ability to make it work by just installing plugins kind of undermines the whole premise of the REST API.
The fix is described here: https://github.com/WP-API/Basic-Auth/issues/35
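
What the dropped header looks like from the application's side, as an added example that is not part of the ticket or of WordPress: a Python sketch that reads a CGI-style environment and separates "no header arrived" from "bad credentials". It assumes the server workaround exposes the header as `HTTP_AUTHORIZATION` (or `REDIRECT_HTTP_AUTHORIZATION` after an internal rewrite); `read_basic_auth` and the sample credentials are constructed for illustration.

```python
import base64

# Assumed variable names: where a CGI-style app would find the header once
# the server passes it through. The REDIRECT_ form appears after an
# internal rewrite.
CANDIDATE_KEYS = ("HTTP_AUTHORIZATION", "REDIRECT_HTTP_AUTHORIZATION")

# Constructed sample credentials, encoded the way a Basic auth client would.
SAMPLE_TOKEN = base64.b64encode(b"demo-user:example-pass").decode("ascii")


def read_basic_auth(environ):
    """Return (status, user, password) for a CGI-style environ dict.

    status is one of:
      "missing"   - no header reached the app (dropped by the server,
                    or never sent by the client)
      "not_basic" - a header arrived but uses another scheme
      "malformed" - Basic scheme, but the token does not decode to user:pass
      "ok"        - credentials recovered
    """
    raw = next((environ[k] for k in CANDIDATE_KEYS if environ.get(k)), None)
    if raw is None:
        return ("missing", None, None)

    scheme, _, token = raw.partition(" ")
    if scheme.lower() != "basic":
        return ("not_basic", None, None)

    try:
        # validate=True rejects characters outside the base64 alphabet
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return ("malformed", None, None)

    user, sep, password = decoded.partition(":")
    if not sep:
        return ("malformed", None, None)
    return ("ok", user, password)


if __name__ == "__main__":
    # Constructed environments: header dropped vs. header passed through.
    print(read_basic_auth({"REQUEST_METHOD": "GET"}))
    print(read_basic_auth({"HTTP_AUTHORIZATION": "Basic " + SAMPLE_TOKEN}))
```

A "missing" result on a request that did send credentials points at the server configuration rather than at the credentials themselves.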

Change History (3)

#1 @rmccue
5 years ago

  • Milestone changed from Awaiting Review to Future Release
  • Summary changed from Wordpress REST API and Authentication header to Add Authorization header compatibility workaround to default htaccess
  • Type changed from defect (bug) to enhancement

Right now, there are no authentication schemes (apart from regular cookie auth) built in to WordPress, so this isn't needed in core. Eventually, it should be added to our default .htaccess modifications (assuming it's safe to do so), but it's not a core issue right now.

Milestoning for Future Release so it's around when we do actually include authentication. :)

This ticket was mentioned in Slack in #core-restapi by timothybjacobs. View the logs.


2 years ago

#3 @TimothyBlynJacobs
13 months ago

  • Description modified (diff)
  • Milestone Future Release deleted
  • Resolution set to worksforme
  • Status changed from new to closed

This was fixed when we introduced Application Passwords in #42790.
