Basic Auth is not passed through with PHP in CGI mode

[rmccue]

Migrated from WP-API/WP-API#8.

[vlood]

A workaround: https://wordpress.org/support/topic/authentication-hacks?replies=3

[graham73may]

Ran into this problem today, the solution we are using is to add:

    if (!isset($_SERVER['PHP_AUTH_USER']) && (isset($_SERVER['HTTP_AUTHORIZATION']) || isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']))) {
        if (isset($_SERVER['HTTP_AUTHORIZATION'])) {
            $header = $_SERVER['HTTP_AUTHORIZATION'];
        } else {
            $header = $_SERVER['REDIRECT_HTTP_AUTHORIZATION'];
        }

        list($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']) = explode(':', base64_decode(substr($header, 6)));
    }

To basic-auth.php in at line 22 underneath:

    // Don't authenticate twice
    if (!empty($user)) {
        return $user;
    }

We also added the following to the .htaccess (replacing the normal index.php rewrite rule):

RewriteRule . /index.php [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]

[graham73may]

Pull request created

https://github.com/WP-API/Basic-Auth/pull/32

[mnelson4]

ran into this same issue; specifically I needed to change my .htaccess file to

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization},L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

[mnelson4]

FYI we also created a branch https://github.com/eventespresso/Basic-Auth/tree/automatic-update-htaccess-for-fcgi which adds a setting onto the WP permalinks page which should automatically update the .htaccess file, but it's untested

[Rococolab]

Hi any idea how to solve the same issue but on NGINX instead of APACHE Thanks