[wp-trac] [WordPress Trac] #52066: Application Passwords are unusable in combination with password protected /wp-admin
WordPress Trac
noreply at wordpress.org
Wed Jan 20 07:35:55 UTC 2021
#52066: Application Passwords are unusable in combination with password protected
/wp-admin
-----------------------------------+---------------------
Reporter: SeBsZ | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: 5.6.1
Component: Application Passwords | Version: 5.6
Severity: major | Resolution:
Keywords: has-patch commit | Focuses:
-----------------------------------+---------------------
Comment (by SergeyBiryukov):
Replying to [comment:10 TimothyBlynJacobs]:
> I think this makes it clear how this function is intended to be used,
and its current shortcomings.
The approach in the current PR makes sense to me for 5.6.1. Inaccurate
results are not ideal, but it looks like a filter is the most
straightforward solution for now.
> I think for 5.7 we could explore making this more robust by doing a
loopback request and checking for a `WWW-Authenticate` header.
That would be great :)
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52066#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list