SetEnvIf Authorization “(.*)”
HTTP_AUTHORIZATION=$1
RewriteRule .* –
[E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
indieweb/wordpress-indieauth – write test to make sure HTTP_AUTHORIZATION works
wordpress-indieauth – IndieAuth for WordPress
Work around for shared hosting stripping auth headers seems to be broken. Write test to prove it