[wp-trac] [WordPress Trac] #39224: Add Authorization header compatibility workaround to default htaccess

WordPress Trac noreply at wordpress.org
Sun Oct 25 03:53:11 UTC 2020 

#39224: Add Authorization header compatibility workaround to default htaccess
----------------------------+-------------------------
 Reporter:  Lucas_Lobosque  |       Owner:  (none)
     Type:  enhancement     |      Status:  closed
 Priority:  normal          |   Milestone:
Component:  REST API        |     Version:  4.7
 Severity:  normal          |  Resolution:  worksforme
 Keywords:                  |     Focuses:  rest-api
----------------------------+-------------------------
Changes (by TimothyBlynJacobs):

 * status:  new => closed
 * resolution:   => worksforme
 * milestone:  Future Release =>


Old description:

> Bottom Line: The Authentication header is unreliable and get dropped by
> most servers unless a modification is made to .htaccess
> As per https://github.com/WP-API/WP-API/issues/2512 this was a known
> issue but it was decided to take no action - "just configure your server
> the right way".
> But I wonder why not fix this issue by updating the default .htaccess to
> pass through the Authentication header?
> The REST API allows a whole new level of interaction with wordpress based
> websites that was not possible before. However, most Wordpress Users do
> not even know what .htaccess is! So lacking the hability to make it work
> by just installing plugins kind of undermines the whole premise of the
> REST API.
> The fix is described here: https://github.com/WP-API/Basic-Auth/issues/35

New description:

 Bottom Line: The Authentication header is unreliable and get dropped by
 most servers unless a modification is made to .htaccess
 As per https://github.com/WP-API/WP-API/issues/2512 this was a known issue
 but it was decided to take no action - "just configure your server the
 right way".
 But I wonder why not fix this issue by updating the default .htaccess to
 pass through the Authentication header?
 The REST API allows a whole new level of interaction with wordpress based
 websites that was not possible before. However, most WordPress Users do
 not even know what .htaccess is! So lacking the hability to make it work
 by just installing plugins kind of undermines the whole premise of the
 REST API.
 The fix is described here: https://github.com/WP-API/Basic-Auth/issues/35

--

Comment:

 This was fixed when we introduced Application Passwords in #42790.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/39224#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list