[wp-trac] [WordPress Trac] #42790: Permit basic authentication to the REST API over SSL
WordPress Trac
noreply at wordpress.org
Sat Nov 16 00:23:34 UTC 2019
#42790: Permit basic authentication to the REST API over SSL
-----------------------------+------------------------------
Reporter: kadamwhite | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by Otto42):
Additional: for the proposal of adding basic auth to the `authenticate`
filter, to allow it for all login flows, I would have the ssl check be
capable of being disabled via a filter, or a defined constant.
If I wanna run http on my site and allow basic auth, then that's my call.
It shouldn't be the default, but it should be possible.
When credentials are already sent in the clear, then there is no harm in
allowing that via add-ons. The benefit here is in bringing this job into
core instead of requiring plugins to do the job, perhaps incorrectly.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42790#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list