WordPress.org

Make WordPress Core

Opened 19 months ago

Last modified 19 months ago

#39224 new enhancement

Add Authorization header compatibility workaround to default htaccess

Reported by: Lucas_Lobosque Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.7
Component: REST API Keywords:
Focuses: rest-api Cc:

Description

Bottom Line: The Authentication header is unreliable and get dropped by most servers unless a modification is made to .htaccess As per https://github.com/WP-API/WP-API/issues/2512 this was a known issue but it was decided to take no action - "just configure your server the right way". But I wonder why not fix this issue by updating the default .htaccess to pass through the Authentication header? The REST API allows a whole new level of interaction with wordpress based websites that was not possible before. However, most Wordpress Users do not even know what .htaccess is! So lacking the hability to make it work by just installing plugins kind of undermines the whole premise of the REST API. The fix is described here: https://github.com/WP-API/Basic-Auth/issues/35

Change History (1)

#1 @rmccue
19 months ago

  • Milestone changed from Awaiting Review to Future Release
  • Summary changed from Wordpress REST API and Authentication header to Add Authorization header compatibility workaround to default htaccess
  • Type changed from defect (bug) to enhancement

Right now, there's no authentication schemes (apart from regular cookie auth) built in to WordPress, so this isn't needed in core. Eventually, it should be added to our default .htaccess modifications (assuming it's safe to do so), but it's not a core issue right now.

Milestoning for Future Release so it's around when we do actually include authentication. :)

Note: See TracTickets for help on using tickets.