You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I use nginx, and I have a line in my nginx.conf that looks like this:
try_files $uri $uri/ /index.php?q=$uri&$args;
This means that when my OAuth client hits /oauth1/request, WP receives a q parameter as well as the usual OAuth params. Because WP_JSON_Authentication_OAuth1::get_parameters doesn't strip it out, it's an automatic 401 from the plugin because the signature doesn't match.
I fixed it by unsetting $params['q'] before get_parameters returns. Obviously this won't work in all cases, so I attempted a patch that stripped all params that weren't in
This is correct; the way that OAuth signatures work is by signing the entire request. I'm not sure why you have that line in your nginx.conf (it's certainly not required for WP), but you can fix it on the PHP side by doing unset( $_GET['q'] ) if you're unable to change nginx.
just got into the same problem. The mentioned setup for NGINX is needed so WordPress will work behind a Load Balancer under certain circumstances.
Unfortunately it can't be changed. I do not want to unset unset( $_GET['q'] ) globally like mentioned by you as it might break things in other places.
Wouldn't it be possible to provide a filter/ hook to the parameters you are using so that they could be changed for nginx?
Right now I've added this unset($params['q']); after $params = array_merge( $params, $oauth_params ); and it seems to work but I would prefer not to "hack" the plugin.
I use nginx, and I have a line in my nginx.conf that looks like this:
This means that when my OAuth client hits
/oauth1/request
, WP receives aq
parameter as well as the usual OAuth params. BecauseWP_JSON_Authentication_OAuth1::get_parameters
doesn't strip it out, it's an automatic 401 from the plugin because the signature doesn't match.I fixed it by unsetting
$params['q']
beforeget_parameters
returns. Obviously this won't work in all cases, so I attempted a patch that stripped all params that weren't inbut that caused some other issue. Happy to investigate further if this is considered worth fixing.
The text was updated successfully, but these errors were encountered: