From 9991a80cca60c8ffad9f5f0c46aca2ef09542e24 Mon Sep 17 00:00:00 2001
From: "Marius L. J" <clorith@git.wordpress.org>
Date: Wed, 2 Jun 2021 00:50:53 +0000
Subject: [PATCH] Site Health: Conditionally run Authorization header test.

The test to confirm if Authorization headers can be used and recognized by WordPress needs to include a username and password combination that WordPress can compare against during the testing phase. The inclusion of credentials here would unfortunately also invalidate any existing basic auth session for the site, for example if the user had added this as an extra layer of security on their back-end.

This test is now skipped if the `wp_is_site_protected_by_basic_auth()` function detects that basic auth is being used, since the act of using basic auth to access the site confirms that this feature is working as expected in the first place.

Props WebDragon, TimothyBlynJacobs, costdev.
Fixes #52642.

git-svn-id: https://develop.svn.wordpress.org/trunk@51057 602fd350-edb4-49c9-b593-d223f7449a82
---
 src/wp-admin/includes/class-wp-site-health.php | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/src/wp-admin/includes/class-wp-site-health.php b/src/wp-admin/includes/class-wp-site-health.php
index be1d439aee..81908008d3 100644
--- a/src/wp-admin/includes/class-wp-site-health.php
+++ b/src/wp-admin/includes/class-wp-site-health.php
@@ -2348,15 +2348,21 @@ class WP_Site_Health {
 					'has_rest'          => true,
 					'async_direct_test' => array( WP_Site_Health::get_instance(), 'get_test_https_status' ),
 				),
-				'authorization_header' => array(
+			),
+		);
+
+		// Conditionally include Authorization header test if the site isn't protected by Basic Auth.
+		if ( function_exists( 'wp_is_site_protected_by_basic_auth' ) ) {
+			if ( ! wp_is_site_protected_by_basic_auth() ) {
+				$tests['async']['authorization_header'] = array(
 					'label'     => __( 'Authorization header' ),
 					'test'      => rest_url( 'wp-site-health/v1/tests/authorization-header' ),
 					'has_rest'  => true,
 					'headers'   => array( 'Authorization' => 'Basic ' . base64_encode( 'user:pwd' ) ),
 					'skip_cron' => true,
-				),
-			),
-		);
+				);
+			}
+		}
 
 		// Conditionally include REST rules if the function for it exists.
 		if ( function_exists( 'rest_url' ) ) {