From 7019add74e173117263e8877e178c1a116d87ca6 Mon Sep 17 00:00:00 2001 From: TimothyBlynJacobs Date: Mon, 10 Feb 2020 16:08:16 +0000 Subject: [PATCH] REST API: Add support for the REDIRECT_HTTP_AUTHORIZATION header. Previously the REST API did not account for server configurations where the Authorization header must be added using ModRewrite. This caused major DUX issues when trying to use custom authentication mechanisms. Fixes #47077. Props dshanske, cklosows. Built from https://develop.svn.wordpress.org/trunk@47239 git-svn-id: http://core.svn.wordpress.org/trunk@47039 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/rest-api/class-wp-rest-server.php | 6 ++++++ wp-includes/version.php | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/wp-includes/rest-api/class-wp-rest-server.php b/wp-includes/rest-api/class-wp-rest-server.php index d11318916e..acf23f4dda 100644 --- a/wp-includes/rest-api/class-wp-rest-server.php +++ b/wp-includes/rest-api/class-wp-rest-server.php @@ -1380,6 +1380,12 @@ class WP_REST_Server { foreach ( $server as $key => $value ) { if ( strpos( $key, 'HTTP_' ) === 0 ) { $headers[ substr( $key, 5 ) ] = $value; + } elseif ( 'REDIRECT_HTTP_AUTHORIZATION' === $key && empty( $server['HTTP_AUTHORIZATION'] ) ) { + /* + * In some server configurations, the authorization header is passed in this alternate location. + * Since it would not be passed in in both places we do not check for both headers and resolve. + */ + $headers['AUTHORIZATION'] = $value; } elseif ( isset( $additional[ $key ] ) ) { $headers[ $key ] = $value; } diff --git a/wp-includes/version.php b/wp-includes/version.php index 19e5cc6d50..6c8f633b67 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.4-alpha-47238'; +$wp_version = '5.4-alpha-47239'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.