WordPress.org

Make WordPress Core

Opened 2 months ago

Last modified 2 months ago

#51173 new feature request

Add support for /.well-known/change-password

Reported by: romainmrhenry Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: Login and Registration Keywords: needs-unit-tests
Focuses: Cc:

Description

[Chrome Feature](https://www.chromestatus.com/feature/6256768407568384)
[Editors Draft](https://wicg.github.io/change-password-url/)

This already landed in Safari

Would it be possible to add support for /.well-known/change-password into WordPress?

This might redirect to wp_login_url()

Attachments (1)

canonical.diff (476 bytes) - added by romainmrhenry 2 months ago.

Download all attachments as: .zip

Change History (7)

#1 @SergeyBiryukov
2 months ago

  • Component changed from General to Login and Registration

#2 @johnbillion
2 months ago

  • Version trunk deleted

Note: Some hosts handle routing for the .well-known path internally, meaning that such requests might not ever reach the web server that WordPress is running on. I know for example that SiteGround does this.

#3 @romainmrhenry
2 months ago

Yes, also read some anecdotes of either hosts or proxies handling all .well-known paths. I personally think this is a bad practice, but unfortunately the [spec](https://www.rfc-editor.org/rfc/rfc8615.html) does not prohibit this.

Last edited 2 months ago by romainmrhenry (previous) (diff)

#4 @ayeshrajans
2 months ago

  • Keywords needs-unit-tests added

+1 from me. I think it's a really nice addition. I'm not sure redirecting to the login page is the correct approach though. Shouldn't we send the user to wp-admin/profile.php, where the new password field is located? WordPress will take care to redirect the user to the login page with redirect_to parameter set back to wp-admin/profile.php in case the user is not logged in.

#5 @romainmrhenry
2 months ago

I though about redirecting to wp-admin/profile.php and still consider it a good option.

wp_login_url() might offer more options to theme builders, especially those with custom user flows (ecommerce).

It might need to be a separate thing altogether with a dedicated filter.

#6 @ayeshrajans
2 months ago

This URL is intended to be used when the user tries to change the password, as in a password manager helping to automatically or semi-automatically change the password. I think a redirect to the profile page is fine, because any custom workflows for user profile would redirect the user from profile page to any custom page anyway.

Note: See TracTickets for help on using tickets.