Opened 4 years ago
Last modified 2 years ago
#51173 new feature request
Add support for /.well-known/change-password
Reported by: | romainmrhenry | Owned by: | |
---|---|---|---|
Milestone: | Future Release | Priority: | normal |
Severity: | normal | Version: | |
Component: | Login and Registration | Keywords: | needs-unit-tests needs-patch |
Focuses: | Cc: |
Description
[Chrome Feature](https://www.chromestatus.com/feature/6256768407568384)
[Editors Draft](https://wicg.github.io/change-password-url/)
This already landed in Safari
Would it be possible to add support for /.well-known/change-password into WordPress?
This might redirect to wp_login_url()
Attachments (1)
Change History (14)
#3
@
4 years ago
Yes, also read some anecdotes of either hosts or proxies handling all .well-known
paths. I personally think this is a bad practice, but unfortunately the [spec](https://www.rfc-editor.org/rfc/rfc8615.html) does not prohibit this.
#4
@
4 years ago
- Keywords needs-unit-tests added
+1 from me. I think it's a really nice addition. I'm not sure redirecting to the login page is the correct approach though. Shouldn't we send the user to wp-admin/profile.php
, where the new password field is located? WordPress will take care to redirect the user to the login page with redirect_to
parameter set back to wp-admin/profile.php
in case the user is not logged in.
#5
@
4 years ago
I though about redirecting to wp-admin/profile.php
and still consider it a good option.
wp_login_url()
might offer more options to theme builders, especially those with custom user flows (ecommerce).
It might need to be a separate thing altogether with a dedicated filter.
#6
@
4 years ago
This URL is intended to be used when the user tries to change the password, as in a password manager helping to automatically or semi-automatically change the password. I think a redirect to the profile page is fine, because any custom workflows for user profile would redirect the user from profile page to any custom page anyway.
#7
@
4 years ago
Maybe we should also consider to use the autocomplete attributes:
<input type="password" autocomplete="new-password">
or:
<input type="password" autocomplete="current-password">
for the password field(s).
#10
@
4 years ago
@johnbillion I found this old ticket: https://core.trac.wordpress.org/ticket/49608
Should we re-open it, or should I write a new one with the fokus on autocomplete="current-password"
?
#11
@
3 years ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to Future Release
#12
@
3 years ago
This is now also supported in 1Password and Chrome.
Would be great if we could move forward with this :)
#13
@
2 years ago
The specification for this has reached First Public Working Draft : https://www.w3.org/TR/2022/WD-change-password-url-20220927/
Who on the WordPress core team can champion this feature?
Note: Some hosts handle routing for the
.well-known
path internally, meaning that such requests might not ever reach the web server that WordPress is running on. I know for example that SiteGround does this.