WordPress.org

Make WordPress Core

Opened 2 months ago

Last modified 8 weeks ago

#52642 new defect (bug)

Site Health resets htpasswd authorization on scroll

Reported by: WebDragon Owned by:
Milestone: 5.8 Priority: normal
Severity: normal Version: 5.6
Component: Site Health Keywords: needs-patch good-first-bug
Focuses: rest-api Cc:

Description

Website is behind HTPasswd Basic Auth. Sign in.
Sign in to wordpress admin.
Navigate to Site Health tools page
Scroll down, and wait a bit.
HTPasswd asks for re-auth. Sign in again.
scroll down and wait a bit. Lather rinse repeat.

problem tested and confirmed on three separate sites after initial discovery.

Change History (3)

#1 @TimothyBlynJacobs
2 months ago

  • Focuses rest-api added
  • Milestone changed from Awaiting Review to Future Release
  • Version changed from 5.6.2 to 5.6

Thanks for the ticket @WebDragon!

My inclination is that this is caused by the Site Health test that checks for whether the Authorization header is properly making it's way back to WordPress.

@clorith perhaps we should skip that test if wp_is_site_protected_by_basic_auth returns true?

#2 @Clorith
8 weeks ago

I agree @TimothyBlynJacobs, the question is if we should just remove the check altogether, like the HTTPS check if on a local setup, or let the test run, but add the check there to return a success state without doing the Authorization header check call?

I tend to lean towards the latter, that way it's possible for a user to look at the passed tests section and see it reliably.

#3 @TimothyBlynJacobs
8 weeks ago

  • Keywords needs-patch good-first-bug added
  • Milestone changed from Future Release to 5.8

Good call, I think you're right and we should skip performing the check but still return a valid result, maybe including some additional text that it wasn't directly performed.

Note: See TracTickets for help on using tickets.