Request to Modify Authorization Header Handling for Specific Endpoints #142

Open
MuhammadFaizanHaidar1 opened this issue Dec 16, 2024 · 1 comment


@MuhammadFaizanHaidar1

Hi [Loops and Logic Developers],

I hope this message finds you well.

We’re currently using the [CheckView] to expose custom REST API endpoints on our WordPress site. Our plugin relies on JWT tokens passed in the Authorization header to authenticate API calls.

However, we’ve encountered a conflict between our plugin and Loops and Logic because of how the Authorization header is being processed globally. Specifically, your plugin appears to handle all REST API requests with the following code snippet:

```php
add_filter( 'rest_pre_dispatch', array( $this, 'rest_pre_dispatch' ), 10, 3 );

$header_name = 'HTTP_AUTHORIZATION';
$auth = isset( $_SERVER[ $header_name ] ) ? $_SERVER[ $header_name ] : false;

if ( ! $auth ) {
    $auth = isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] )
        ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
        : false;
}
```

This code is attempting to validate the Authorization header for every REST API request, including those unrelated to the Loops and Logic API. Since our plugin also uses the Authorization header for JWT-based validation, this results in errors when the Loops and Logic plugin tries to interpret our JWT tokens as API keys.

Suggested Solution
To prevent conflicts and ensure both plugins can coexist without issues, we kindly request that you modify the header validation logic to only process Authorization headers for your specific endpoints.

Here is an example of how this can be achieved:

```php
$requested_route = rest_get_url_prefix() . '/your-api-base'; // Replace with your API base route.

if ( strpos( $_SERVER['REQUEST_URI'], $requested_route ) !== false ) {
    $header_name = 'HTTP_AUTHORIZATION';
    $auth = isset( $_SERVER[ $header_name ] ) ? $_SERVER[ $header_name ] : false;

    if ( ! $auth ) {
        $auth = isset( $_SERVER['REDIRECT_HTTP_AUTHORIZATION'] )
            ? $_SERVER['REDIRECT_HTTP_AUTHORIZATION']
            : false;
    }

    // Proceed with your plugin's authentication logic here.
}
```

Thanks!
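
An added example, not part of the original post and not Loops and Logic or CheckView code: a variant of the scoping idea above that tests the parsed route passed to the `rest_pre_dispatch` callback instead of substring-matching `REQUEST_URI`, so it also covers `?rest_route=` requests and does not match a look-alike namespace. The namespace `example-plugin/v1`, the `example_*` function names and the sample routes are assumptions made for illustration.

```php
<?php
// Hypothetical REST namespace owned by the plugin doing the header check.
const EXAMPLE_NAMESPACE = 'example-plugin/v1';

/** True only when $route lies inside this plugin's own REST namespace. */
function example_route_is_ours( string $route ): bool {
    $prefix = '/' . EXAMPLE_NAMESPACE;
    // Namespace root or a path below it; a bare prefix test would also
    // accept '/example-plugin/v10/...'.
    return $route === $prefix || 0 === strpos( $route, $prefix . '/' );
}

/** Read the Authorization value, including the REDIRECT_ variant. */
function example_get_authorization( array $server ) {
    foreach ( array( 'HTTP_AUTHORIZATION', 'REDIRECT_HTTP_AUTHORIZATION' ) as $key ) {
        if ( ! empty( $server[ $key ] ) ) {
            return $server[ $key ];
        }
    }
    return false;
}

/** rest_pre_dispatch callback: ( $result, WP_REST_Server, WP_REST_Request ). */
function example_rest_pre_dispatch( $result, $server, $request ) {
    if ( ! example_route_is_ours( $request->get_route() ) ) {
        // Another plugin's endpoint: leave its Authorization header alone.
        return $result;
    }
    $auth = example_get_authorization( $_SERVER );
    if ( ! $auth ) {
        return $result;
    }
    // The plugin's own API-key validation of $auth goes here (not shown on the page).
    return $result;
}

if ( function_exists( 'add_filter' ) ) {
    add_filter( 'rest_pre_dispatch', 'example_rest_pre_dispatch', 10, 3 );
} else {
    // Outside WordPress: run the scope check over constructed sample routes.
    $samples = array( '/example-plugin/v1/items', '/example-plugin/v10/items', '/other-plugin/v1/forms' );
    foreach ( $samples as $route ) {
        printf( "%-28s %s\n", $route, example_route_is_ours( $route ) ? 'handle' : 'skip' );
    }
}
```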

@zackpyle

zackpyle commented Dec 24, 2024

@eliot-akira This is causing an issue for me where I have L&L and CheckView on a few sites. Can you please look into it? Thanks!
