Opened 5 years ago
Closed 4 years ago
#51642 closed defect (bug) (wontfix)
Better detect `local` environments to enable Application Passwords option showing up on localhost
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Priority: | normal | |
| Severity: | normal | Version: | |
| Component: | Bootstrap/Load | Keywords: | close |
| Focuses: | rest-api | Cc: |
Description (last modified by )
A call is made to wp_is_application_passwords_available() in the user-edit.php to see if the option should be shown or not. This is true if SSL is used, or if the current environment is 'local' according to wp_get_environment_type().
On my localhost wp_get_environment_type() returns 'production' while it's actually 'local' resulting in the application passwords option not showing up ( no SSL available ).
This is the path that shows up in the URL bar in my browser 'http://localhost/wordpress56/'
Don't know if it's related, but 'WP_ENVIRONMENT_TYPE' is also empty for me, which is checked in the wp_get_environment_type() code.
I'm using xampp with PHP 7.3 and WordPress 5.6 Beta 1 on my local machine.
Change History (8)
This ticket was mentioned in Slack in #core-passwords by georgestephanis. View the logs.
5 years ago
#4
@
5 years ago
- Component changed from Login and Registration to Bootstrap/Load
- Description modified (diff)
- Summary changed from Application Passwords option not showing up on localhost on the user profile page to Better detect `local` environments to enable Application Passwords option showing up on localhost
Retooling the title and description slightly to orient toward addressing the root concern. Also see #33161
cc: @SergeyBiryukov (following your work on the initial ticket) -- any thoughts on if there would be negative side effects of integrating the (fairly basic) check of "If the site_url's domain is localhost or 127.0.0.1 or ::1 default it to a local environment" -- Other options would include if there are no dots in it or the like, but keeping it easily understandable seems safer.
Also, possibly "ignore the constant if it's defined to a value other than the four valid options"
#5
@
5 years ago
One of the complicators is that the environment type is initialized in wp_initial_constants(), which is before the database is even loaded.
#6
@
5 years ago
Automatic environment type detection (based on host name, IP, etc) won't work because it's initialised so early (and it'll break for reverse proxies), but the application passwords code could do these things.
So it feels like this is surfacing some issues with bad data being returned by the environment type check.
In this specific instance, it's because your constant is set to an invalid value -- so it's falling back to "production".
If you configure the constant to "local" it will work.
https://github.com/WordPress/wordpress-develop/blob/1a0a55df8ca3576de2fe4eddafbbfab82abe682b/src/wp-includes/load.php#L229-L237
I'm wondering if we should add in some code to
wp_get_environment_typethat mimics some of the logic already sorted out in Jetpack here:https://github.com/Automattic/jetpack/blob/e401719b7989df671cb56d16f2320d478e81ad69/packages/status/src/class-status.php#L115-L240
to identify a local environment, if the constant is either not defined, or doesn't match one of the valid values.