#51638 closed task (blessed) (fixed)
Add Site Health test for verifying the Authorization header works as expected
Reported by: | TimothyBlynJacobs | Owned by: | TimothyBlynJacobs |
---|---|---|---|
Milestone: | 5.6 | Priority: | normal |
Severity: | normal | Version: | 5.6 |
Component: | Site Health | Keywords: | has-patch commit has-screenshots |
Focuses: | rest-api | Cc: |
Description
Application Passwords utilizes the Authorization
header to pass the Basic Authentication credentials. In some server configurations, the values sent in the Authorization
header won't reach WordPress.
Because of this, we added the wp_populate_basic_auth_from_authorization_header()
and the RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
Mod Rewrite rule. This should account for the vast majority of failures.
This patch adds a test to Site Health to verify that the Authorization header is working as expected. If it isn't, we direct the user to the Permalinks screen which will regenerate their .htaccess
file in case the rule was missing.
Attachments (1)
Change History (12)
This ticket was mentioned in PR #665 on WordPress/wordpress-develop by TimothyBJacobs.
4 years ago
#1
- Keywords has-patch added
#2
@
4 years ago
Two changes of note.
- I introduced support for an async test to specifying a list of
headers
that get included in the request. This is so we can fill the Authorization header with a known value. - I added support for a
skip_cron
entry that can be used to declare that an async test shouldn't be run as cron. This test really doesn't make sense in a loopback environment.
This ticket was mentioned in Slack in #core-passwords by timothybjacobs. View the logs.
4 years ago
TimothyBJacobs commented on PR #665:
4 years ago
#4
#5
@
4 years ago
- Keywords commit has-screenshots added
Looking good, and the copy update is also in place I see, let's get this in as well.
#6
@
4 years ago
- Owner set to TimothyBlynJacobs
- Resolution set to fixed
- Status changed from new to closed
In 49334:
TimothyBJacobs commented on PR #665:
4 years ago
#7
Fixed in 0187bbdd7e4554b8c95c22fc9801cb73bd9086f1.
This ticket was mentioned in Slack in #core by sergey. View the logs.
4 years ago
#9
@
4 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
It appears the wp-api-generated.js was overlooked here as it's appearing in diffs off trunk after running grunt test
. Uploaded wp-api-generated.diff to address.
Thread - https://wordpress.slack.com/archives/C02RQBWTW/p1603922117261300
Trac ticket: https://core.trac.wordpress.org/ticket/51638