REST API: Add support for HTTP_CONTENT_TYPE in authentication#6095
Merged
dereksmart merged 1 commit intomasterfrom Jan 13, 2017
Merged
REST API: Add support for HTTP_CONTENT_TYPE in authentication#6095dereksmart merged 1 commit intomasterfrom
dereksmart merged 1 commit intomasterfrom
Conversation
Contributor
|
Tested, both with a Jetpack site installation running over HTTP and another installation running over HTTPS. LGTM |
Contributor
|
@dereksmart when you have some time, please confirm that the milestone 4.5 for this PR is correct. Thanks! |
Contributor
|
Yep, I agree, LGTM after confirming that this goes into 4.5. |
Contributor
|
Into 4.5 it goes! af7d4b7 |
Member
Author
|
That was fast! Thanks 🙇 |
dereksmart
pushed a commit
that referenced
this pull request
Jan 17, 2017
CHangelog: add #5457 Changelog: add #5487 Changelog: add #5708 Changelog: add #5879 Changelog: add #5932 Changelog: add #5963 Changelog: add #5968 Changelog: add #5996 Changelog: add #5998 Changelog: add #5999 Changelog: add #6012 Changelog: add #6013 Changelog: add #6014 Changelog: add #6015 Changelog: add #6023 Changelog: add #6024 Changelog: add #6030 Changelog: add #5465 CHangelog: add #6063 Changelog: add #6025 Changelog: add #5974 Changelog: add #6059 Changelog: add #6046 Changelog: add #5418 Changelog: move things around and add missing information. Changelog: add #5565 Changelog: add #6087 Changelog: add #6095
dereksmart
pushed a commit
that referenced
this pull request
Jan 17, 2017
Changelog: add #5867 Changelog: add #5874 Changelog: add #5905 Changelog: add #5906 Changelog: add #5931 Changelog: add #5933 Changelog: add #5934 Bring over 4.4.2 changelog from branch-4.4 @see 18012a3 Changelog: add #5976, #5978, #5983 Changelog: add #5917 Changelog: add #5832 Changelog: add 4.4.2 release post link. CHangelog: add #5457 Changelog: add #5487 Changelog: add #5708 Changelog: add #5879 Changelog: add #5932 Changelog: add #5963 Changelog: add #5968 Changelog: add #5996 Changelog: add #5998 Changelog: add #5999 Changelog: add #6012 Changelog: add #6013 Changelog: add #6014 Changelog: add #6015 Changelog: add #6023 Changelog: add #6024 Changelog: add #6030 Changelog: add #5465 CHangelog: add #6063 Changelog: add #6025 Changelog: add #5974 Changelog: add #6059 Changelog: add #6046 Changelog: add #5418 Changelog: move things around and add missing information. Changelog: add #5565 Changelog: add #6087 Changelog: add #6095 Readme: add @tyxla to the list of contributors. Improved changelog for your readability and enjoyment updated the release date finalizing the changelog with a few more edits
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
In #5418 we introduced an alternative authentication method that allows us to authenticate with Jetpack Signatures.
However while testing together with @oskosk we discovered that there's a bug with the
Content-Type. Specifically, we're reading it only from$_SERVER['CONTENT_TYPE'], but some servers might pass it as$_SERVER['HTTP_CONTENT_TYPE']. This PR adds support forHTTP_CONTENT_TYPEin addition toCONTENT_TYPE. In addition, we're making sure that the content type is actually specified (by using! empty()instead ofisset()).Thanks @oskosk for finding this one.
Testing instructions
Please review the code. The fix here appears to be a common practice with PHP development, as we always need to consider BOTH keys under
$_SERVERfor correct content type detection.Proposed changelog entry for your changes:
Fixes detection of request content type, based on available headers passed down by the web server.