[wp-trac] [WordPress Trac] #51939: Basic Auth staging protections conflicts with App Passwords
WordPress Trac
noreply at wordpress.org
Wed Feb 22 12:53:30 UTC 2023
#51939: Basic Auth staging protections conflicts with App Passwords
-------------------------------------------------+-------------------------
Reporter: TimothyBlynJacobs | Owner:
| TimothyBlynJacobs
Type: defect (bug) | Status: closed
Priority: highest omg bbq | Milestone: 5.6
Component: Application Passwords | Version: 5.6
Severity: blocker | Resolution: fixed
Keywords: has-patch has-unit-tests dev- | Focuses: rest-api
reviewed |
-------------------------------------------------+-------------------------
Comment (by lucasbustamante):
It would be really cool if we could use Application Passwords on a site
that is behind Basic Auth :(
> Don't report errors if the password isn't exactly 24 characters, ie the
format of App Passwords. Since App Passwords are unlikely to be typed by
hand, and even if they were, an Application could reject them if they
weren't 24 characters, this would be a fairly good indicator that App
Passwords were attempted to be used. But if the server level Basic Auth
password was 24 characters long, you'd also have this issue.
Since sites behind Basic Auth are usually under development/staging, I
think this could be a good solution for us to enable through a filter,
such as: `add_filter('wp_application_password_basic_auth_compat',
'__return_true');`, which then would trigger the behavior above, as a
solution for those that need to use App Pass on Basic Auth environments?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/51939#comment:26>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list