我正在创建在Node上运行的Next.js应用,该应用通过API与Apache提供的Wordpress安装进行通信。一切都是SSL。
这是我在Apache上设置虚拟主机的方式:
<VirtualHost myproject.test:443>
ServerName myproject.test
DocumentRoot "/Users/myusername/Sites/myproject/backend"
SSLEngine on
SSLCertificateFile "/Users/myusername/Sites/myproject/ssl/server.crt"
SSLCertificateKeyFile "/Users/graziano/Dropbox/myproject/ssl/server.key"
SSLProxyEngine On
ProxyPass /wp-admin !
ProxyPass /wp-login.php !
ProxyPass /index.php !
ProxyPass /wp-json !
ProxyPass / https://myproject.test:3000/
ProxyPassReverse / https://myproject.test:3000/
</VirtualHost>
我构建的前端包括一个登录表单,该表单通过自定义API路径将用户登录到Wordpress:
// The route itself:
https://myproject.test/wp-json/custom/v1/login?email=admin@myproject.test&password=admin
// The route configuration:
function login() {
register_rest_route( 'custom/v1', '/login', array(
'methods' => 'GET',
'callback' => array( $this, 'login_callback' )
));
}
function login_callback( $req ) {
$userCreds = array(
"user_login" => $req[ 'email' ],
"user_password" => $req[ 'password' ],
);
$userLogin = wp_signon( $userCreds, true );
$userID = $userLogin->ID;
return $userID;
}
一切正常:当用户使用我在Next.js应用程序中构建的登录表单登录时,将调用自定义路由并正确设置了Wordpress的默认身份验证Cookie,如下所示:
wordpress_logged_in_17c62dadff4e171bfa0e0441ae1d0576
不起作用的是,当像我在wp_signon函数中一样将login_callback的第二个参数设置为true时,还应该设置一个安全cookie,它看起来像这样:
wordpress_sec_17c62dadff4e171bfa0e0441ae1d0576
但是此cookie没有设置,我不知道为什么不这样做。