Support » Plugin: Application Passwords » Apache + fast CGI issues

  • Hi, I am using apache 2.4 plus PHP-FPM setup.

    This setup has some issues with basic authentication headers that are cut by Apache and PHP knows nothing about auth attempts. I guess all FastCGI modes are behaving similar.

    My solution after some hours of research is:
    – setup this in the .htaccess file, in order to pass the authorization header directly to PHP

    # BEGIN WordPress
    SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
    ...

    Then in your Application_Passwords class I had to edit like this:

    	public static function rest_api_auth_handler( $input_user ){
    		// Don't authenticate twice
    		if ( ! empty( $input_user ) ) {
    			return $input_user;
    		}
    
    		if(preg_match('/Basic+(.*)$/i', $_SERVER['REDIRECT_HTTP_AUTHORIZATION'], $matches))
    		{
    			list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':' , base64_decode(substr($_SERVER['REDIRECT_HTTP_AUTHORIZATION'], 6)));
    		}
    		
    		// Check that we're trying to authenticate
    		if ( ! isset( $_SERVER['PHP_AUTH_USER'] ) ) {
    			return $input_user;
    		}
    ...
Viewing 1 replies (of 1 total)
  • So it may be nice if you include code to treat this kind of setup so updating the module would not become a nightmare in the future.

Viewing 1 replies (of 1 total)
  • The topic ‘Apache + fast CGI issues’ is closed to new replies.