Basic auth breaks external traffic by replacing Authorisation headers

  • wpbp_http_request_args replaces authorization header for all domains (not only wordpress one).

    This causes external services that work under authorisation header to fail due to one in app being replace by basic auth info.

    Maybe checking home_url would be handy?

    public function wpbp_http_request_args( $r, $url ) {
		if(strpos(get_home_url(), $url) === 0) {
            $digest = self::$instance->options->get( 'http_basic_auth_digest' );
            if ($digest) {
                $r['headers']['Authorization'] = 'Basic ' . $digest;
            }
        }
		return $r;
	}
  • The topic ‘Basic auth breaks external traffic by replacing Authorisation headers’ is closed to new replies.