WordPress site health status "Authorization has Failed"

indieweb / wordpress-indieauth

IndieAuth for WordPress

https://wordpress.org/plugins/indieauth/

MIT License

31 stars 11 forks source link

WordPress site health status "Authorization has Failed" #201

Closed ghost closed 3 years ago

ghost commented 3 years ago

This is what I get:

Authorization has Failed

The authorization header was not returned on this test, which means that your server may be stripping the Authorization header. This is needed for IndieAuth to work correctly.

If you are on Apache, try adding this line to your .htaccess file:

`SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1`

If that doesnt work, try this:

`RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]`

If that does not work either, you may need to ask your hosting provider to reconfigure to allow the Authorization header to be passed. If they refuse, you can pass it through Apache with an alternate name. The plugin searches for the header in REDIRECT_HTTP_AUTHORIZATION, as some FastCGI implementations store the header in this location.

I tested both codes/commands it said and the error doesn't go away. I asked my provider and he says everything is fine.

dshanske commented 3 years ago

Can you elaborate on 'everything is fine'?

ghost commented 3 years ago

Means the server/host allows the Authorization header.

On 15/05/2021 21:25, David Shanske wrote:

Can you elaborate on 'everything is fine'?

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/indieweb/wordpress-indieauth/issues/201#issuecomment-841692371, or unsubscribe https://github.com/notifications/unsubscribe-auth/APPTAMP26M7XH7CUOP7HWKTTN2RP7ANCNFSM446BEVLA.

-- Ali Reza Hayati (https://alirezahayati.com) Libre culture activist and privacy advocate PGP: 88A5 BDB7 E07C 39D0 8132 6412 DCB8 F138 B865 1771

faevourite commented 3 years ago

I'm having the same issue. It seems that the Authorization header isn't filtered on my instance either. I created a simple test.php file containing

$headers =  getallheaders();
foreach($headers as $key=>$val){
  echo $key . ': ' . $val . '<br>';
}

When I curl it with the Authorization header I see it in the response.

Is there anything else I can do to help troubleshoot this?

dshanske commented 3 years ago

I'll be releasing an attempted fix based on @chee 's fix (just using WordPress functions rather than escaping manually, very soon

dshanske commented 3 years ago

@0xARH @faevourite Can you recheck with the latest release and advise?

ghost commented 3 years ago

It's now fixed. Thank you very much.

On 29/05/2021 19:16, David Shanske wrote:

@0xARH https://github.com/0xARH @faevourite https://github.com/faevourite Can you recheck with the latest release and advise?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/indieweb/wordpress-indieauth/issues/201#issuecomment-850845187, or unsubscribe https://github.com/notifications/unsubscribe-auth/APPTAMMXQETVLLZUBP7CRODTQD44BANCNFSM446BEVLA.

-- Ali Reza Hayati (https://alirezahayati.com) Libre culture activist and privacy advocate PGP: 88A5 BDB7 E07C 39D0 8132 6412 DCB8 F138 B865 1771