search

indieweb / wordpress-indieauth

IndieAuth for WordPress
https://wordpress.org/plugins/indieauth/
MIT License
31 stars 11 forks source link

Missing authorization cod for IndieAuth plugin #204

Closed vjmillersr70 closed 3 years ago

vjmillersr70 commented 3 years ago

Since the IndieAuth plugin was upgraded I got this notification Authorization has Failed The authorization header was not returned on this test, which means that your server may be stripping the Authorization header. This is needed for IndieAuth to work correctly.

If you are on Apache, try adding this line to your .htaccess file:

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

If that doesnt work, try this:

RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]

If that does not work either, you may need to ask your hosting provider to reconfigure to allow the Authorization header to be passed. If they refuse, you can pass it through Apache with an alternate name. The plugin searches for the header in REDIRECT_HTTP_AUTHORIZATION, as some FastCGI implementations store the header in this location.

If contacting your hosting provider does not work you can open an issue on GitHub and we will try to assist

I have not been able to get it fixed

Realmsuncharted from NameCheap hosted on Stablehost.

dshanske commented 3 years ago

And you didn't get it pre upgrade?

AlanSRalph commented 3 years ago

I'm seeing the same thing here, error message only started appearing after the plugin was upgraded.

chee commented 3 years ago

I think this started for me after the upgrade, but rolling back to the previous version hasn't fixed it. I can't log in to my site using the Indigenous android app anymore, which I could and did last week.

dshanske commented 3 years ago

This is strange, as the last version only changed text... nothing in functionality... will try to figure out what could have happened.

chee commented 3 years ago

@dshanske i have an error in my logs here: https://github.com/indieweb/wordpress-indieauth/blame/trunk/includes/class-indieauth-admin.php#L220

PHP message: PHP Warning:  Attempt to read property "message" on null in /weblog/wp-content/plugins/indieauth/includes/class-indieauth-admin.php on line 220"
chee commented 3 years ago

the returned response has a div with a class, and uses the double quote. so the json is invalid:

  {"message":"<div class="notice notice-success"><p>Authorization Header Found. You should be able to use all clients."}
dshanske commented 3 years ago

@vjmillersr70 @AlanSRalph Can you advise if fixed with latest release?

AlanSRalph commented 3 years ago

@vjmillersr70 @AlanSRalph Can you advise if fixed with latest release?

I'm no longer getting warning on Site Health Check since updating to latest version of IndieAuth.