401 Error with Plugin

Keywords: WordPress Multisite - AWS - Technical issue - Permissions
bnsupport ID: 4249f425-00b7-7c36-3d49-53fa00914387
Description:
I have added the review widget judge.me on my site but the review is not showing. I added a test review, and can see it on the judge.me site and it says published, but it is not showing on my site.

I contacted support for the plugin and they had this response:

"It seems that our plugin is having problems to access your shop, this probably explains why the reviews are not updating.

Could you please check with your host or firewall about this error that we’re receiving?:

Response: 401
{“status”:”error”,”error”:”MISSING_AUTHORIZATION_HEADER”,”error_description”:”Authorization header not received. Either authorization header was not sent or it was removed by your server due to security reasons.”}

You should make sure that our access is whitelisted from this root:
https://speedstix.com/wp-json/judgeme/v1/*"

I had a similar issue that was resolved for some custom code:

https://community.bitnami.com/t/authorization-header-removed-on-aws-bitnami-wordpress-multisite/86866

So I did the same thing and added the below section to htaccess:

<Directory /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/judgeme-product-reviews-woocommerce/>
AllowOverride All
Options FollowSymLinks

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.)
RewriteRule ^(.
) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization “(.*)” HTTP_AUTHORIZATION=$1

But this did not work.

I can’t find any physical directory on the server called “wp-json”.

Any idea what I need to do get get permissions to work correctly?

The htaccess changes were for the plugin directory :<Directory /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/judgeme-product-reviews-woocommerce/>

The plugin directory keeps getting striped out, it is “Directory /opt/bitnami/apps/wordpress/htdocs/wp-content/plugins/judgeme-product-reviews-woocommerce” with the appropriate tags.

Hello @igolfapps,

The directory you used should work, have you restarted your instance processes:

sudo /opt/bitnami/ctlscript.sh

You can also test whether the issue is coming from defining an incorrect directory using htdocs one like so:

<Directory /opt/bitnami/apps/wordpress/htdocs>
AllowOverride All
Options FollowSymLinks

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
</Directory>

If the problem persists try checking with the plugin’s developers again, as the error may not be on your htaccess configuration.

Regards,
Francisco de Paz

Hi, thanks for the response.

Yes, I restarted the services after each change before testing again.

I tried the above as per you suggestion but got a 500 internal server error when browsing to the website.

The plugin developers specifically said the below, but I can’t see that physical path, or anywhere where I can whitelist anything:

“You should make sure that our access is whitelisted from this root:
https://speedstix.com/wp-json/judgeme/v1/*

Hello @igolfapps,

The error 500 may be coming from having more than one Directory pointing to the same root, /opt/bitnami/apps/wordpress/htdocs in this case. You can check Apache’s syntax by running:

sudo apachectl configtest

Let me try to reproduce the issue with the plugin and come back as soon as I have any news.

Regards,
Francisco de Paz

Hello @igolfapps,

I have deployed a fresh instance and successfully installed judge.me plugin, with its a 200 response on wp-json/judgeme/v1. I didn’t have to modify anything on htaccess, though I checked that adding the lines regarding SetEnvIf and RewriteRule don’t break its access. The headers contained in my response are:

Could you please add the following code to the existing Directory in your htaccess file:

<Directory /opt/bitnami/apps/wordpress/htdocs/wp-content/>
<IfModule mod_headers.c>
  ...
  <FilesMatch "\.(json)$">
    Header always set Access-Control-Allow-Origin "*"
    Header always set Access-Control-Allow-Methods "GET, OPTIONS, POST"
    Header always set Access-Control-Allow-Headers "*"

    SetEnvIf Content-Type "(.*)" HTTP_CONTENT_TYPE=$1
    SetEnvIf X-WP-Nonce "(.*)" HTTP_X_WP_NONCE=$1
    SetEnvIf Accept "(.*)" HTTP_ACCEPT=$1
  </FilesMatch>
...

Regards,
Francisco de Paz

Ah, sorry I thought I’d replied to this.

Turns out it is another plugin I had which restricts access to the woocommerce APIs, and it had a bug where the whitelists were not being saved.

Thanks for all the help, this can be closed now.

Glad to see you were able to solve your issue! We are marking the previous answer as “Solution” and this topic as “Closed”.

If you have any other questions, please do not hesitate to let us know. Feel free to create a new topic referencing this one if necessary.

Best regards,
Jose Antonio Carmona


Was my answer helpful? Click on :heart: