[wp-trac] [WordPress Trac] #42790: Permit basic authentication to the REST API over SSL

WordPress Trac noreply at wordpress.org
Wed Nov 20 14:13:13 UTC 2019


#42790: Permit basic authentication to the REST API over SSL
-----------------------------+------------------------------
 Reporter:  kadamwhite       |       Owner:  (none)
     Type:  feature request  |      Status:  new
 Priority:  normal           |   Milestone:  Awaiting Review
Component:  REST API         |     Version:
 Severity:  normal           |  Resolution:
 Keywords:                   |     Focuses:
-----------------------------+------------------------------

Comment (by georgestephanis):

 Replying to [comment:12 Otto42]:
 > @kadamwhite Disagree. For sites using SSL, we should add Basic
 Authentication to the login flow. Not just to the REST API, but to all
 flows, using the general authentication mechanisms. Essentially, add basic
 auth to the `authenticate` filter for the case when SSL is enabled.

 Just to confirm, you feel that it should also be expanded so that basic
 auth can be used in lieu of cookies for http requests to wp-admin, as well
 as the legacy xmlrpc api?

 If it can be switched to allow non-https requests as well, we should also
 include a switch to disallow it to be used even for https requests -- in
 the case of two-factor authentication where just the username and password
 alone are insufficient.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/42790#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list