Hello
After installing this plugin, an error is seen in the WordPress health test:
(403) {"code":"jwt_auth_bad_auth_header","message":"Authorization header malformed.","data":{"status":403}}
This is apparently because of a test with the 'Authorization: Basic' header.
More information about this request:
curl 'http://localhost/wordpress/wp-json/wp-site-health/v1/tests/authorization-header?_locale=user' \
-H 'Accept: application/json, */*;q=0.1' \
-H 'Accept-Language: en,en-US;q=0.9,fa;q=0.8' \
-H 'Authorization: Basic dXNlcjpwd2Q=' \
-H 'Cache-Control: no-cache' \
-H 'Connection: keep-alive' \
-H 'Cookie: HIDE' \
-H 'DNT: 1' \
-H 'Pragma: no-cache' \
-H 'Referer: http://localhost/wordpress/wp-admin/site-health.php' \
-H 'Sec-Fetch-Dest: empty' \
-H 'Sec-Fetch-Mode: cors' \
-H 'Sec-Fetch-Site: same-origin' \
-H 'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.0.0 Safari/537.36' \
-H 'X-Requested-With: XMLHttpRequest' \
-H 'X-WP-Nonce: HIDE' \
-H 'sec-ch-ua: ".Not/A)Brand";v="99", "Google Chrome";v="103", "Chromium";v="103"' \
-H 'sec-ch-ua-mobile: ?0' \
-H 'sec-ch-ua-platform: "Windows"'
If you look at the determine_current_user function, it never checks if the $user is already a valid user_id, preventing other authentication methods on REST URLs, for example cookie or basic auth.
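One way a determine_current_user callback can defer to other authentication methods, as an added example that is not the plugin's own code. The function name, the $validate callable and the sample token are hypothetical, and the header is passed in as a parameter so the logic runs outside WordPress; in a plugin it would be attached with add_filter('determine_current_user', ...).

```php
<?php
// Added example with hypothetical names; not the plugin's code.

/**
 * One link in the determine_current_user filter chain.
 *
 * @param int|false   $user        User ID set by an earlier callback, or false.
 * @param string|null $auth_header Raw Authorization header value, if any.
 * @param callable    $validate    Hypothetical: takes the token, returns a user ID or false.
 * @return int|false
 */
function example_jwt_determine_current_user($user, ?string $auth_header, callable $validate)
{
    // 1. An earlier callback (cookie, Basic auth) already identified the user: keep it.
    if (!empty($user)) {
        return $user;
    }
    // 2. No header, or a scheme other than Bearer: not a JWT request, pass through untouched.
    if ($auth_header === null
        || !preg_match('/^Bearer\s+(\S+)$/i', trim($auth_header), $m)) {
        return $user;
    }
    // 3. Only a Bearer request is treated as JWT; a rejected token yields no user.
    $id = $validate($m[1]);
    return $id ?: false;
}

// Constructed inputs; the Basic value is the one from the request quoted above.
$validate = fn(string $t) => $t === 'constructed.sample.token' ? 7 : false;
$cases = [
    'cookie user + Basic header' => [5, 'Basic dXNlcjpwd2Q='],
    'anonymous + Basic header'   => [false, 'Basic dXNlcjpwd2Q='],
    'anonymous + valid Bearer'   => [false, 'Bearer constructed.sample.token'],
    'anonymous + bad Bearer'     => [false, 'Bearer nope'],
    'anonymous + no header'      => [false, null],
];
foreach ($cases as $label => [$user, $header]) {
    $result = example_jwt_determine_current_user($user, $header, $validate);
    printf("%-28s => %s\n", $label, var_export($result, true));
}
```

With this ordering the Site Health request, which carries a Basic header, passes through the callback unchanged instead of being rejected as a malformed JWT header.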