[wp-trac] [WordPress Trac] #52066: Application Passwords are unusable in combination with password protected /wp-admin
WordPress Trac
noreply at wordpress.org
Sat Jan 9 21:59:06 UTC 2021
#52066: Application Passwords are unusable in combination with password protected
/wp-admin
-----------------------------------+---------------------
 Reporter:  SeBsZ                  |       Owner:  (none)
     Type:  defect (bug)           |      Status:  new
 Priority:  normal                 |   Milestone:  5.6.1
Component:  Application Passwords  |     Version:  5.6
 Severity:  major                  |  Resolution:
 Keywords:  has-patch commit       |     Focuses:
-----------------------------------+---------------------
Comment (by TimothyBlynJacobs):
One of the issues here is that what we really care about is whether the
front-end is protected by Basic Auth, but we are forced to check this in the
admin area. So after thinking on this and @ocean90's comment, I tweaked
the function to accept a specific `context` to check for. I think this
makes it clear how this function is intended to be used, and its current
shortcomings.

I think for 5.7 we could explore making this more robust by doing a
loopback request and checking for a `WWW-Authenticate` header.

What are people's thoughts on this?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52066#comment:10>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
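
An added sketch of the loopback check proposed in the comment above (not code from the ticket or from WordPress core): given the response to a request sent without credentials, decide whether the URL sits behind server-level Basic Auth. The function names, the `admin`/`front` labels and the sample responses are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request

# Comma-separated pieces of a header value, ignoring commas inside quoted strings.
_PIECE = re.compile(r'(?:[^,"]|"(?:\\.|[^"\\])*")+')
# A piece that begins "name =" is an auth-param of the previous challenge.
_PARAM = re.compile(r"[!#$%&'*+.^_`|~0-9A-Za-z-]+\s*=")


def challenge_schemes(header_value):
    """Return the auth schemes (lowercased) offered in one WWW-Authenticate value."""
    schemes = []
    for piece in _PIECE.findall(header_value):
        piece = piece.strip()
        if piece and not _PARAM.match(piece):
            schemes.append(piece.split(None, 1)[0].lower())
    return schemes


def requires_basic_auth(status, www_authenticate_values):
    """True when an unauthenticated request was refused with a Basic challenge."""
    if status != 401:
        return False
    return any("basic" in challenge_schemes(v) for v in www_authenticate_values)


def probe(url, timeout=5):
    """Send one request without credentials; return (status, challenge headers)."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status, resp.headers.get_all("WWW-Authenticate") or []
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get_all("WWW-Authenticate") or []


# Constructed responses (assumed labels): admin area protected, front end open.
SAMPLES = {
    "admin": (401, ['Basic realm="Restricted", charset="UTF-8"']),
    "front": (200, []),
}

if __name__ == "__main__":
    for context, (status, values) in SAMPLES.items():
        print(context, requires_basic_auth(status, values))
```

Checking the scheme token rather than searching the header for the substring "Basic" avoids false positives from other schemes whose quoted parameters happen to contain that word.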