Add Site Health test for verifying the Authorization header works as expected

[TimothyBlynJacobs]

Application Passwords utilizes the Authorization header to pass the Basic Authentication credentials. In ​some server configurations, the values sent in the Authorization header won't reach WordPress.

Because of this, we added the wp_populate_basic_auth_from_authorization_header() and the RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] Mod Rewrite rule. This should account for the vast majority of failures.

This patch adds a test to Site Health to verify that the Authorization header is working as expected. If it isn't, we direct the user to the Permalinks screen which will regenerate their .htaccess file in case the rule was missing.

Trac ticket: https://core.trac.wordpress.org/ticket/51638

[TimothyBlynJacobs]

Two changes of note.

1. I introduced support for an async test to specifying a list of headers that get included in the request. This is so we can fill the Authorization header with a known value.
2. I added support for a skip_cron entry that can be used to declare that an async test shouldn't be run as cron. This test really doesn't make sense in a loopback environment.

[prbot]

​TimothyBJacobs commented on ​PR #665:

For reference:

[Clorith]

Looking good, and the copy update is also in place I see, let's get this in as well.

[TimothyBlynJacobs]

In 49334:

Site Health, App Passwords: Test if the Authorization header is populated correctly.

App Passwords rely on the Authorization header to transport the Basic Auth credentials. For Apache web servers, WordPress automatically includes a RewriteRule to populate the value for servers running in CGI or FastCGI that wouldn't ordinarily populate the value.

This tests if the header is being filled with the expected values. For Apache users, we direct the user to visit the Permalinks settings to flush their permalinks. For all other users, we direct them to a help document on developer.wordpress.org.

Props Clorith, marybaum, TimothyBlynJacobs.
Fixes #51638.

[prbot]

​TimothyBJacobs commented on ​PR #665:

Fixed in 0187bbdd7e4554b8c95c22fc9801cb73bd9086f1.

[garrett-eclipse]

Updated wp-api-generated.js

[garrett-eclipse]

It appears the wp-api-generated.js was overlooked here as it's appearing in diffs off trunk after running grunt test. Uploaded wp-api-generated.diff to address.
Thread - ​https://wordpress.slack.com/archives/C02RQBWTW/p1603922117261300

[SergeyBiryukov]

In 49368:

REST API: Regenerate test fixtures after [49334].

Props garrett-eclipse.
Fixes #51638.

[SergeyBiryukov]

In 49370:

REST API: Remove accidentally duplicated key in test fixtures.

Follow-up to [49334], [49368].

See #51638.