Site Health: Conditionally run Authorization header test.

The test to confirm if Authorization headers can be used and recognized by WordPress needs to include a username and password combination that WordPress can compare against during the testing phase. The inclusion of credentials here would unfortunately also invalidate any existing basic auth session for the site, for example if the user had added this as an extra layer of security on their back-end. This test is now skipped if the `wp_is_site_protected_by_basic_auth()` function detects that basic auth is being used, since the act of using basic auth to access the site confirms that this feature is working as expected in the first place. Props WebDragon, TimothyBlynJacobs, costdev. Fixes #52642. Built from https://develop.svn.wordpress.org/trunk@51057 git-svn-id: http://core.svn.wordpress.org/trunk@50666 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2024-09-27 14:53:08 +02:00 · 2021-06-02 00:51:57 +00:00 · 2021-06-02 00:51:57 +00:00 · 918610fb88
commit 918610fb88
parent 033c742a4e
2 changed files with 11 additions and 5 deletions
--- a/wp-admin/includes/class-wp-site-health.php
+++ b/wp-admin/includes/class-wp-site-health.php
@ -2348,15 +2348,21 @@ class WP_Site_Health {
 					'has_rest'          => true,
 					'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_https_status' ),
 				),
-				'authorization_header' => array(
+			),
+		);
+
+		// Conditionally include Authorization header test if the site isn't protected by Basic Auth.
+		if ( function_exists( 'wp_is_site_protected_by_basic_auth' ) ) {
+			if ( ! wp_is_site_protected_by_basic_auth() ) {
+				$tests['async']['authorization_header'] = array(
 					'label'     => __( 'Authorization header' ),
 					'test'      => rest_url( 'wp-site-health/v1/tests/authorization-header' ),
 					'has_rest'  => true,
 					'headers'   => array( 'Authorization' => 'Basic ' . base64_encode( 'user:pwd' ) ),
 					'skip_cron' => true,
-				),
-			),
-		);
+				);
+			}
+		}

 		// Conditionally include REST rules if the function for it exists.
 		if ( function_exists( 'rest_url' ) ) {
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.8-alpha-51056';
+$wp_version = '5.8-alpha-51057';

 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.