Checks using sub requests with guzzle get wrong results in basic auth systems

Created on 16 June 2024, 6 months ago

Problem/Motivation

When using the module in basic auth systems which is mostly only test but can only be in production produces false green and false red results.
The executablePhp check is always green because the basic auth and the header check is always red because of it.

Steps to reproduce

Run tests in basic auth protected system.

Proposed resolution

Add basic auth config to httpClient calls and add a check of a file which should always be accessible to identify the basic auth problematic.
As far as I know there is no core standard config for local basic auth credentials. For example the entity_print.print_engine.dompdf can be used with basic auth by config and added by settings.php

$config['entity_print.print_engine.dompdf']['settings']['username'] = '{{ access_user }}';
$config['entity_print.print_engine.dompdf']['settings']['password'] = '{{ access_pass }}';

Especially as a security oriented module we should encourage people to also use settings.local.php outside web root. We can maybe avoid UI form to force.

Remaining tasks

User interface changes

API changes

Data model changes

πŸ› Bug report
Status

Active

Version

3.0

Component

Code

Created by

πŸ‡©πŸ‡ͺGermany c-logemann Frankfurt/M, Germany

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Production build 0.71.5 2024