Opened 2 months ago
Last modified 8 weeks ago
#52642 new defect (bug)
Site Health resets htpasswd authorization on scroll
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | 5.8 | Priority: | normal |
Severity: | normal | Version: | 5.6 |
Component: | Site Health | Keywords: | needs-patch good-first-bug |
Focuses: | rest-api | Cc: |
Description
Website is behind HTPasswd Basic Auth. Sign in.
Sign in to wordpress admin.
Navigate to Site Health tools page
Scroll down, and wait a bit.
HTPasswd asks for re-auth. Sign in again.
scroll down and wait a bit. Lather rinse repeat.
problem tested and confirmed on three separate sites after initial discovery.
Change History (3)
#1
@
2 months ago
- Focuses rest-api added
- Milestone changed from Awaiting Review to Future Release
- Version changed from 5.6.2 to 5.6
#2
@
8 weeks ago
I agree @TimothyBlynJacobs, the question is if we should just remove the check altogether, like the HTTPS check if on a local setup, or let the test run, but add the check there to return a success state without doing the Authorization header check call?
I tend to lean towards the latter, that way it's possible for a user to look at the passed tests section and see it reliably.
Thanks for the ticket @WebDragon!
My inclination is that this is caused by the Site Health test that checks for whether the
Authorization
header is properly making it's way back to WordPress.@clorith perhaps we should skip that test if
wp_is_site_protected_by_basic_auth
returns true?