mirror of
https://github.com/WordPress/WordPress.git
synced 2024-12-23 09:37:42 +01:00
REST API: Add support for the REDIRECT_HTTP_AUTHORIZATION header.
Previously the REST API did not account for server configurations where the Authorization header must be added using ModRewrite. This caused major DUX issues when trying to use custom authentication mechanisms. Fixes #47077. Props dshanske, cklosows. Built from https://develop.svn.wordpress.org/trunk@47239 git-svn-id: http://core.svn.wordpress.org/trunk@47039 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
parent
4bff827833
commit
7019add74e
@ -1380,6 +1380,12 @@ class WP_REST_Server {
|
|||||||
foreach ( $server as $key => $value ) {
|
foreach ( $server as $key => $value ) {
|
||||||
if ( strpos( $key, 'HTTP_' ) === 0 ) {
|
if ( strpos( $key, 'HTTP_' ) === 0 ) {
|
||||||
$headers[ substr( $key, 5 ) ] = $value;
|
$headers[ substr( $key, 5 ) ] = $value;
|
||||||
|
} elseif ( 'REDIRECT_HTTP_AUTHORIZATION' === $key && empty( $server['HTTP_AUTHORIZATION'] ) ) {
|
||||||
|
/*
|
||||||
|
* In some server configurations, the authorization header is passed in this alternate location.
|
||||||
|
* Since it would not be passed in in both places we do not check for both headers and resolve.
|
||||||
|
*/
|
||||||
|
$headers['AUTHORIZATION'] = $value;
|
||||||
} elseif ( isset( $additional[ $key ] ) ) {
|
} elseif ( isset( $additional[ $key ] ) ) {
|
||||||
$headers[ $key ] = $value;
|
$headers[ $key ] = $value;
|
||||||
}
|
}
|
||||||
|
@ -13,7 +13,7 @@
|
|||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '5.4-alpha-47238';
|
$wp_version = '5.4-alpha-47239';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
Loading…
Reference in New Issue
Block a user