Make WordPress Core

Opened 11 months ago

Last modified 10 months ago

#52617 new enhancement

App Passwords: allow http success and reject URLs with local environment type.

Reported by: peterwilsoncc Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 5.6
Component: Application Passwords Keywords: good-first-bug has-patch
Focuses: rest-api Cc:


wp_is_authorize_application_password_request_valid() prevents an authorization request if either the success or reject URLs are over insecure connections (http).

On systems with the environment type set to local it would be helpful if these checks were bypassed in line with other aspects of the app passwords component.

Change History (3)

#1 @TimothyBlynJacobs
11 months ago

  • Focuses rest-api added
  • Keywords good-first-bug added
  • Milestone changed from Awaiting Review to Future Release
  • Version set to 5.6

#2 @wppunk
10 months ago

Leave it with me. I'm going to fix it.

This ticket was mentioned in PR #1109 on WordPress/wordpress-develop by wppunk.

10 months ago

  • Keywords has-patch added

I've update the wp_is_authorize_application_password_request_valid function and allow to use unsecure connection for the local environment.

Trac ticket: https://core.trac.wordpress.org/ticket/52617

Note: See TracTickets for help on using tickets.