Use REST API discovery for subdirectory WordPress sites#26
Merged
Conversation
The connect agent assumed WordPress lived at the root of the domain, which broke several connection methods when WP core is in a subdirectory (e.g., example.com/wordpress/) or the whole site is in one (e.g., example.com/blog/). Consequences: App Password authorization 404'd because wp-admin was at a different path than expected, XML-RPC probes failed for the same reason, and the WordPress.com API probe couldn't find subdirectory sites because it used the path as a URL segment instead of the domain::path syntax the API expects. The fix uses the HTTP Link header (rel="https://api.w.org/") as the primary REST API discovery method, then fetches the REST API root to get the `url` (siteurl) and `home` fields. All other paths (wp-admin, xmlrpc.php, WP.com API domain) are derived from those two values instead of guessed from the user-provided URL. Also adds detection for Jetpack sites where the JSON API module is disabled or Jetpack is installed but not connected, so users get a clear message and fall back to REST API instead of going through a doomed OAuth flow.
…-discovery # Conflicts: # agents/connect.md
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
The connect agent assumed WordPress lived at the root of the domain. This broke several connection methods for two common setups:
example.com, WP core atexample.com/wordpress/): App Password authorization and XML-RPC probes 404'd because wp-admin and xmlrpc.php live under the subdirectory, not the root.example.com/blog/): the WordPress.com API probe failed because it passed the path as a URL segment instead of using thedomain::pathsyntax the API expects.The fix uses the HTTP
Linkheader as the primary REST API discovery method, then reads theurl(siteurl) andhomefields from the REST API root. All other paths -- wp-admin, xmlrpc.php, WP.com API domain -- are derived from those two values instead of guessed from the user-provided URL.This also includes detection for Jetpack sites where the JSON API module is disabled or Jetpack isn't connected, so users get a clear message and fall back to REST API + Application Password instead of going through OAuth only to hit a wall.
Test plan
Tested against real sites in both subdirectory configurations:
Linkheader discovers REST API at root,urlfield reveals the real WP core path, wp-admin and xmlrpc.php resolve correctly at that pathLinkheader discovers REST API under the subdir, WP.com API probe usesdomain::pathsyntax and returns site infourlandhomeare the same, all paths derive as beforehasConnectedOwner, shows message, falls backhasConnectedOwner: false, shows message, falls back/jetpack/v4/connectionreturns 404, falls through to self-hosted methods