WordPress.org

Make WordPress Core

Opened 5 weeks ago

Closed 13 days ago

#51642 closed defect (bug) (wontfix)

Better detect `local` environments to enable Application Passwords option showing up on localhost

Reported by: tijmensmit Owned by:
Milestone: Priority: normal
Severity: normal Version:
Component: Bootstrap/Load Keywords: close
Focuses: rest-api Cc:

Description (last modified by georgestephanis)

A call is made to wp_is_application_passwords_available() in the user-edit.php to see if the option should be shown or not. This is true if SSL is used, or if the current environment is 'local' according to wp_get_environment_type().

On my localhost wp_get_environment_type() returns 'production' while it's actually 'local' resulting in the application passwords option not showing up ( no SSL available ).

This is the path that shows up in the URL bar in my browser 'http://localhost/wordpress56/'

Don't know if it's related, but 'WP_ENVIRONMENT_TYPE' is also empty for me, which is checked in the wp_get_environment_type() code.

I'm using xampp with PHP 7.3 and WordPress 5.6 Beta 1 on my local machine.

Change History (8)

#1 @georgestephanis
5 weeks ago

So it feels like this is surfacing some issues with bad data being returned by the environment type check.

In this specific instance, it's because your constant is set to an invalid value -- so it's falling back to "production".

If you configure the constant to "local" it will work.

https://github.com/WordPress/wordpress-develop/blob/1a0a55df8ca3576de2fe4eddafbbfab82abe682b/src/wp-includes/load.php#L229-L237

I'm wondering if we should add in some code to wp_get_environment_type that mimics some of the logic already sorted out in Jetpack here:

https://github.com/Automattic/jetpack/blob/e401719b7989df671cb56d16f2320d478e81ad69/packages/status/src/class-status.php#L115-L240

to identify a local environment, if the constant is either not defined, or doesn't match one of the valid values.

#2 @georgestephanis
5 weeks ago

  • Component changed from REST API to Login and Registration
  • Focuses rest-api added

This ticket was mentioned in Slack in #core-passwords by georgestephanis. View the logs.


5 weeks ago

#4 @georgestephanis
5 weeks ago

  • Component changed from Login and Registration to Bootstrap/Load
  • Description modified (diff)
  • Summary changed from Application Passwords option not showing up on localhost on the user profile page to Better detect `local` environments to enable Application Passwords option showing up on localhost

Retooling the title and description slightly to orient toward addressing the root concern. Also see #33161

cc: @SergeyBiryukov (following your work on the initial ticket) -- any thoughts on if there would be negative side effects of integrating the (fairly basic) check of "If the site_url's domain is localhost or 127.0.0.1 or ::1 default it to a local environment" -- Other options would include if there are no dots in it or the like, but keeping it easily understandable seems safer.

Also, possibly "ignore the constant if it's defined to a value other than the four valid options"

#5 @TimothyBlynJacobs
5 weeks ago

One of the complicators is that the environment type is initialized in wp_initial_constants(), which is before the database is even loaded.

#6 @johnbillion
5 weeks ago

Automatic environment type detection (based on host name, IP, etc) won't work because it's initialised so early (and it'll break for reverse proxies), but the application passwords code could do these things.

#7 @TimothyBlynJacobs
5 weeks ago

  • Keywords close added

I think we should close this out then. It isn't difficult to set the environment type constant correctly, and I don't think using different definitions of "local" specifically for App Passwords is a good idea.

#8 @TimothyBlynJacobs
13 days ago

  • Milestone Awaiting Review deleted
  • Resolution set to wontfix
  • Status changed from new to closed

Closing per previous comment.

Note: See TracTickets for help on using tickets.