Request to Modify Authorization Header Handling for Specific Endpoints

  • Resolved CheckView

    (@checkview)


    3 months ago

    Hi [Loops and logic Developer’s],

    I hope this message finds you well.

    We’re currently using the [CheckView] to expose custom REST API endpoints on our WordPress site. Our plugin relies on JWT tokens passed in the Authorization header to authenticate API calls.

    However, we’ve encountered a conflict between our plugin and Loops and Logic because of how the Authorization header is being processed globally. Specifically, your plugin appears to handle all REST API requests with the following code snippet:

    add_filter( ‘rest_pre_dispatch’, array( $this, ‘rest_pre_dispatch’ ), 10, 3 );

    $header_name = ‘HTTP_AUTHORIZATION’;
    $auth = isset( $_SERVER[ $header_name ] ) ? $_SERVER[ $header_name ] : false;

    if ( ! $auth ) {
    $auth = isset( $_SERVER[‘REDIRECT_HTTP_AUTHORIZATION’] )
    ? $_SERVER[‘REDIRECT_HTTP_AUTHORIZATION’]
    : false;
    }
    This code is attempting to validate the Authorization header for every REST API request, including those unrelated to the Loops and Logic API. Since our plugin also uses the Authorization header for JWT-based validation, this results in errors when the Loops and Logic plugin tries to interpret our JWT tokens as API keys.

    Suggested Solution
    To prevent conflicts and ensure both plugins can coexist without issues, we kindly request that you modify the header validation logic to only process Authorization headers for your specific endpoints.

    Here is an example of how this can be achieved:

    $requested_route = rest_get_url_prefix() . ‘/your-api-base’; // Replace with your API base route.if ( strpos( $_SERVER[‘REQUEST_URI’], $requested_route ) !== false ) {
    $header_name = ‘HTTP_AUTHORIZATION’;
    $auth = isset( $_SERVER[ $header_name ] ) ? $_SERVER[ $header_name ] : false;

    if ( ! $auth ) {
    $auth = isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] )
        ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
        : false;
}

// Proceed with your plugin's authentication logic here.

    }
    Thanks!

    Below is the link to github issue
    https://github.com/TangibleInc/template-system/issues/142

    The page I need help with: [log in to see the link]

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • You must be logged in to reply to this topic.

Tags