The .zip file for my updated plugin requires authorization headers to request the .zip, stumped on how to add that functionality to this project

[periphery25]

Hello,

I have used the source code from this project and it has worked great, but now I have run into an issue I am a little stumped on.

In the update() function:

public function update( $transient ) {

    if ( empty($transient->checked ) ) {
        return $transient;
    }

    $remote = $this->request();

    if(
        $remote
        && version_compare( $this->version, $remote->version, '<' ) 
        && version_compare( $remote->requires, get_bloginfo( 'version' ), '<=' ) 
        && version_compare( $remote->requires_php, PHP_VERSION, '<' ) 
    ) 
        {
            $res = new stdClass(); 
            $res->slug = $this->plugin_slug;
            $res->plugin = plugin_basename( __FILE__ );
            $res->new_version = $remote->version;
            $res->tested = $remote->tested;
            $res->package = $remote->download_url;

            $transient->response[ $res->plugin ] = $res;

        }

    return $transient;

}

We have the line, which tells WordPress which URL to download the .zip file from:

$res->package = $remote->download_url;

My question: This worked great until we required an access-token (As a header on the request) to request that .zip file, now the call fails because the header is not added to the request, but I am stumped as to how I can tell wordpress to add the authorization header to the request and just wanted to see if anyone had any ideas on how to do that?

Things I tried:

• Doing a get request for the .zip and storing the response in a variable ($response), and then setting $res->package = $response but then I get the error on my plugin page "Update failed: Download failed. A valid URL was not provided." so that is making me realize it needs to be a valid URL, it cant be the .zip itself
• This lead me to my second idea, could put those headers in query params instead? In theory this should work but the resource can't be requested query paramaters, it has to be a header, does anyone know a workaround for this?

So that has left me a little stumped on how to accomplish this, I feel it should be totally doable somehow... Somehow??

Any help or discussion on this is much appreciated, thank you!

[popforce]

add_filter('http_request_args', 'popforce_maybe_add_basic_authentication_to_request', 10, 2);
function popforce_maybe_add_basic_authentication_to_request($args,$url){

    //Only Hook When Getting Stuff From My Server
    $update_server_domain = 'wp-updateserver.example.com';
    if(mb_stripos($url,$update_server_domain) === false) return $args;

    $auth_user = 'XXX';
    $auth_pass = 'XXX';

    //Add My Auth Headers
    $args['headers']['Authorization'] = 'Basic ' . base64_encode($auth_user.':'.$auth_pass);

    return $args;

}

[periphery25]

@popforce

Thank you so much for your response, and apologies on the delay seeing your comment

We ended up finding the 'http_request_args' hook too and that works perfectly for adding the required authorization headers for the updater

Thank you for sharing your solution, finding this hook took some serious digging on our end I feel like this is a really good action hook to keep handy for WP devs