[wp-trac] [WordPress Trac] #52097: Site Health Loopback Test doesn't send admin cookies
WordPress Trac
noreply at wordpress.org
Wed Dec 16 19:24:24 UTC 2020
#52097: Site Health Loopback Test doesn't send admin cookies
-------------------------------+--------------------
Reporter: TimothyBlynJacobs | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.6.1
Component: Site Health | Version: 5.6
Severity: normal | Keywords:
Focuses: rest-api |
-------------------------------+--------------------
In WordPress 5.6 we moved the async Site Health tests to use the REST API.
One of those tests is the loopback test which makes a request to
`admin_url()`. We send along any cookies in the request so that the user
is authenticated for this admin request.
However, now that the REST API is used, the admin-specific authentication
cookies are not included. This effectively means that the user isn't
authenticated. You can see this in practice by inspecting the loopback
response. The user is being redirected to `wp-login.php`.
This causes false positives with plugins that attempt to obscure `wp-
login.php` or have additional authentication blocking `wp-login.php` from
being loaded.
Discussing in
[https://wordpress.slack.com/archives/CKSU841L7/p1608146018052700 #core-
site-health], it may be better to change this test to use a front-end URL
for 5.6.1 and in the future add specific tests for making sure the file
editor save checks work in 5.7.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52097>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list