WordPress.org
Get WordPress

Plugin Directory

Changeset 3457488


Ignore:
Timestamp:
02/09/2026 09:40:55 PM (5 weeks ago)
Author:
vectoron
Message:

Fix: Enable Application Passwords for AJAX proxy via application_password_is_api_request filter

File:
1 edited

Legend:

Unmodified
Added
Removed

  • vectoron/trunk/includes/ajax-proxy.php

    r3457468 r3457488  
    5757    }
    5858
     59    // Enable Application Passwords for this AJAX request.
     60    // By default, wp_authenticate_application_password() only works for REST API
     61    // and XML-RPC requests (checks REST_REQUEST/XMLRPC_REQUEST constants).
     62    // Since we're routing REST calls through admin-ajax.php, we need to tell
     63    // WordPress this is a legitimate API request that should accept app passwords.
     64    add_filter( 'application_password_is_api_request', '__return_true' );
     65
    5966    $user = wp_authenticate( $credentials['username'], $credentials['password'] );
    6067    // Clear password from memory immediately
    6168    unset( $credentials['password'] );
     69
     70    // Remove the filter to avoid side effects on subsequent requests in the same process
     71    remove_filter( 'application_password_is_api_request', '__return_true' );
    6272
    6373    if ( is_wp_error( $user ) ) {
Note: See TracChangeset for help on using the changeset viewer.