REST API: Add support for the REDIRECT_HTTP_AUTHORIZATION header.

Previously the REST API did not account for server configurations where the Authorization header must be added using ModRewrite. This caused major DUX issues when trying to use custom authentication mechanisms. Fixes #47077. Props dshanske, cklosows. Built from https://develop.svn.wordpress.org/trunk@47239 git-svn-id: http://core.svn.wordpress.org/trunk@47039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-27 14:53:08 +02:00 · 2020-02-10 16:08:16 +00:00 · 2020-02-10 16:08:16 +00:00 · 7019add74e
commit 7019add74e
parent 4bff827833
2 changed files with 7 additions and 1 deletions
--- a/wp-includes/rest-api/class-wp-rest-server.php
+++ b/wp-includes/rest-api/class-wp-rest-server.php
@ -1380,6 +1380,12 @@ class WP_REST_Server {
 		foreach ( $server as $key => $value ) {
 			if ( strpos( $key, 'HTTP_' ) === 0 ) {
 				$headers[ substr( $key, 5 ) ] = $value;
+			} elseif ( 'REDIRECT_HTTP_AUTHORIZATION' === $key && empty( $server['HTTP_AUTHORIZATION'] ) ) {
+				/*
+				 * In some server configurations, the authorization header is passed in this alternate location.
+				 * Since it would not be passed in in both places we do not check for both headers and resolve.
+				 */
+				$headers['AUTHORIZATION'] = $value;
 			} elseif ( isset( $additional[ $key ] ) ) {
 				$headers[ $key ] = $value;
 			}
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.4-alpha-47238';
+$wp_version = '5.4-alpha-47239';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.