WordPress.org

Make WordPress Core

Opened 9 months ago

Last modified 3 days ago

#47077 new enhancement

Add Support for REDIRECT_HTTP_AUTHORIZATION to REST Server

Reported by: dshanske Owned by:
Milestone: 5.4 Priority: normal
Severity: normal Version: 4.4
Component: REST API Keywords: dev-feedback needs-unit-tests
Focuses: Cc:
PR Number:

Description

In WP_REST_Server->get_headers it endeavors to get a subset of headers.

It pulls any header with HTTP, strips the HTTP, and adds it. It adds 'CONTENT_LENGTH', 'CONTENT_MD5', 'CONTENT_TYPE'

Suggesting for compatibility, it pull REDIRECT_HTTP_AUTHORIZATION and add it in as 'Authorization' if HTTP_AUTHORIZATION is not set.

https://github.com/WP-API/Basic-Auth/issues/35
https://github.com/WP-API/Basic-Auth/issues/1

This is mentioned as an issue in multiple auth plugins. In the interest of compatibility, this header should be available to the REST endpoint.

Attachments (1)

47077.diff (976 bytes) - added by dshanske 3 months ago.

Download all attachments as: .zip

Change History (7)

This ticket was mentioned in Slack in #core-restapi by timothybjacobs. View the logs.


7 months ago

#2 @TimothyBlynJacobs
7 months ago

  • Milestone changed from Awaiting Review to Future Release
  • Version set to 4.4

This seems like a sensible change to me. Do you want to work on a patch @dshanske?

@dshanske
3 months ago

#3 @dshanske
3 months ago

  • Keywords dev-feedback added; needs-patch removed
  • Milestone changed from Future Release to 5.4

This should do it.

This ticket was mentioned in Slack in #core-restapi by timothybjacobs. View the logs.


5 weeks ago

This ticket was mentioned in Slack in #core-restapi by timothybjacobs. View the logs.


3 days ago

#6 @TimothyBlynJacobs
3 days ago

  • Keywords needs-unit-tests added

Thanks for the patch @dshanske! I think unit tests would be nice to have here.

Should we double check that HTTP_AUTHORIZATION is not set? Or would that be overkill do you think. Thinking if it is possible for the header value to be stomped on if both keys are set somehow.

Note: See TracTickets for help on using tickets.