[wp-trac] [WordPress Trac] #42790: Permit basic authentication to the REST API over SSL
WordPress Trac
noreply at wordpress.org
Wed Nov 20 14:13:13 UTC 2019
#42790: Permit basic authentication to the REST API over SSL
-----------------------------+------------------------------
Reporter: kadamwhite | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by georgestephanis):
Replying to [comment:12 Otto42]:
> @kadamwhite Disagree. For sites using SSL, we should add Basic
Authentication to the login flow. Not just to the REST API, but to all
flows, using the general authentication mechanisms. Essentially, add basic
auth to the `authenticate` filter for the case when SSL is enabled.
Just to confirm, you feel that it should also be expanded so that basic
auth can be used in lieu of cookies for http requests to wp-admin, as well
as the legacy xmlrpc api?
If it can be switched to allow non-https requests as well, we should also
include a switch to disallow it to be used even for https requests -- in
the case of two-factor authentication where just the username and password
alone are insufficient.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42790#comment:14>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list