401 Response when PHP-FPM Enabled

[jryutzy]

We recently noticed that all our REST API calls were failing authentication. It appeared to turn the request into an request from an Anonymous user even though we passed Basic Authentication header.

In Postman, here is what is being sent
POST /wp-json/wp/v2/users
Content-Type: application/json
Authorization: Basic YmVjaHRfYXBpX2FkbWluOmFzZGZhZGZzYXNkZmRmcw==

{
“username”: “ztest@bt1234.com”,
“name”: “Ztest 123”,
“email”: “ztest@b1234.com”,
“first_name”: “First Name”,
“last_name”: “Last Name”,
“password”: “zzz1dfsfsd23afdssd”
}

Here is response
{
“code”: “rest_cannot_create_user”,
“message”: “Sorry, you are not allowed to create new users.”,
“data”: {
“status”: 401
}
}

So, after doing some more research, it appears this started when we enabled PHP-FPM on cPanel which must be doing something with the headers passed with Basic Authentication to the WP Rest API. We use the Application Passwords plugin for generation application passwords to use with the REST API. Any thoughts on how to get this to work with PHP-FPM turned on so it doesn’t alter the Basic Authentication header?

[kasparsd]

Thanks for reporting the issue @jryutzy!

This is usually caused by the PHP config as you mentioned. See the "Why does this happen?" section of this wiki page for an explanation of why that happens.