@timmmmyboy thanks for your help in trying to figure out the difficulties we are having.
I have talked to fiver other folks with ReCLAIM who use the indieweb micropub plug-in with WordPress so we can publish with third party clients.
All of the sudden we can no longer have our endpoints get passed the header authorization. The plugin maintainer suggested maybe you need to whitelist our headers but I do not know what that means.
Any help you can offer to figure out why we lost functionality would be great.
Unfortunately I don’t know what that means either so I would need more specifics. Also are you saying you used to be able to do this and no longer can? When did that change for you? I thought we tested and ruled out the header issue by adding the recommended htaccess line.
Yes I was able to pass the header authorization scripts folks wrote to try and diagnose the problem. I think I have my console still open I can probably look at my Curl tests to find the date.
Yes it all just stopped working for everyone I know on ReClaim who uses the micropub plug-in.
What Micropub client do you use? Or have you tried different ones? I can’t think of a single thing that would have changed for all servers that recently (we’re way less strategic than that about updates and changes at the server level). If it was a specific site that can’t communicate with Reclaim sites it could be a firewall issue which we do have a global firewall that could make some sense.
WordPress 4.9.6 was released on May 17th. That’s the only global thing I can think. Perhaps the plugin isn’t compatible for some reason? Or are you still on 4.9.5?
We are on 4.9.6 and the speculation was the update did it but the strange thing is only folks in the community affected are those who are on ReClaim Hosting and use htaccess.
Not to throw you for a complete loop but I did a fresh install of WordPress 4.9.6 on Reclaim in my own account, https://micropub.timowens.io. I installed the plugin, setup the social profile so I could login. Made sure I was completely logged out of WordPress. Authenticated with Quill, and posted this from there https://micropub.timowens.io/uncategorized/test-content/. No other modifications were made at the server level or to the install (I didn’t even touch .htaccess).
(had to use image, I can’ t post more than four links)
I tried only using the micropub plug-in alone, all the indieweb plug-ins activated, both local endpoint and both indieauth endpoints, both local endpoints and indie indiauthendpint with all and none of the plug-ins.
I did not change the .htaccess file. What would be different about your set up than mine?
I don’t know how that differs from what you’re doing. I haven’t used any other plugins, themes, or any other methods. But clearly it’s not an issue of anything server-side so at this point I’ll defer to people who have a better understanding of the “IndieWeb”.
Hey everyone with @timmyboy’s help I have figured out the problem. The indieauth plug-in is currently breaking micropub. If you turn it off it will work.
Hey all, Has anyone found a solution to this issue? I have the IndieAuth plugin installed and can’t seem to use my site to log in to Indigenous. I have tried all kinds of things to get this to work and then got some advice that there might be a problem with Apache that needs to be dealt with via Reclaim. Here’s some additional information:
My plug-ins page gives me this message:
In order to ensure IndieAuth tokens will work please perform this check: [Check Script]
When I run the script, I get the following:
Authorization has Failed
The authorization header was not returned on this test, which means that your server may be stripping the Authorization header. If you are on Apache, try adding this line to your .htaccess file: SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1'
If that doesnt work, try this: RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
If that does not work either, you may need to ask your hosting provider to whitelist the Authorization header for your account. If they refuse, you can pass it through Apache with an alternate name. The plugin searches for the header in REDIRECT_HTTP_AUTHORIZATION, as some FastCGI implementations store the header in this location.
I have tried adding the suggested lines to the .htaccess file. I see that Greg mentioned “whitelist” in the exchange from a year ago. Anyway, can anyone help?
Around the same time this thread was started @jgmac1106 also opened a support ticket and we tried several things and found that this was the fix, added to .htaccess:
It was, however, a different use case in that he was using Micropub to publish to WordPress externally. It sounds like you already tried this though I’ll note there is no single quote at the end of the line. Regardless I don’t believe this is a hosting issue so you’ll need to consult with the developers or other community members about best practices given it’s specific to a particular use case with software rather than something concrete with our environment. I mentioned previously in this thread there’s no such thing in our environment as “whitelisting a header” so I think the developer’s documentation doesn’t apply to our environment.