[wp-trac] [WordPress Trac] #51939: Basic Auth staging protections conflicts with App Passwords
WordPress Trac
noreply at wordpress.org
Fri Dec 4 15:56:50 UTC 2020
#51939: Basic Auth staging protections conflicts with App Passwords
-----------------------------------+-----------------------
Reporter: TimothyBlynJacobs | Owner: (none)
Type: defect (bug) | Status: new
Priority: highest omg bbq | Milestone: 5.6
Component: Application Passwords | Version: 5.6
Severity: blocker | Resolution:
Keywords: | Focuses: rest-api
-----------------------------------+-----------------------
Comment (by TimothyBlynJacobs):
> Also, if the site itself is accessed via basic auth, maybe we could
detect that and set an option disabling application passwords in the first
place?
Ooh nice. I like how deviously simple this would be. Where would we put
that logic? Perhaps detect that on `wp_loaded()`? We'd need to regularly
invalidate it and make sure that they weren't passing it to a REST API
route.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51939#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list