=== Novellaire Connect ===
Contributors: veylastudios
Tags: rest-api, application-passwords, publishing, ebook, epub
Requires at least: 5.6
Tested up to: 7.0
Stable tag: 1.1.1
Requires PHP: 7.2
License: GPLv2 or later
License URI: https://www.gnu.org/licenses/gpl-2.0.html

Connect the Novellaire app to your WordPress site so it can publish your books and chapters as posts, even on hosts that block Application Passwords.

== Description ==

**Novellaire Connect** is the companion plugin for the Novellaire e-reader and editor app. Install it on your WordPress site so the app can publish your EPUB books and chapters straight to your site as draft or published posts.

Many modern hosts and security setups quietly block the WordPress feature the app relies on (Application Passwords). This plugin fixes the two most common blockers so the connection "just works":

* **Re-enables Application Passwords** when a CDN/proxy (such as Cloudflare) makes WordPress think the site is not on HTTPS, or when a security plugin has switched the feature off.
* **Rebuilds the Authorization header** that some servers (LiteSpeed, CGI/FastCGI, or reverse proxies) strip before it reaches PHP — the usual cause of a valid Application Password being rejected as "not logged in."

Your normal login password is never used or exposed. The app authenticates with a WordPress Application Password that you create and can revoke at any time.

This plugin is intended for sites served over HTTPS (which is virtually all sites today).

== Installation ==

1. In your WordPress dashboard, go to **Plugins &rarr; Add New Plugin**.
2. Search for **Novellaire Connect**, click **Install Now**, then **Activate**.
   (Or upload the plugin ZIP via **Plugins &rarr; Add New Plugin &rarr; Upload Plugin**.)
3. Go to **Users &rarr; Profile**, scroll to **Application Passwords**, and create one named "Novellaire".
4. In the Novellaire app, open **Tools &rarr; Export to WordPress**, enter your site address, your WordPress username (or account email), and paste the Application Password.
5. Tap **Test** to confirm the connection, then **Publish**.

== Frequently Asked Questions ==

= Is this secure? =
Yes. Your login password is never sent. The app uses a WordPress Application Password — a separate, app-specific credential you can delete at any time from Users &rarr; Profile. The connection travels over your site's HTTPS.

= Do I need this plugin? =
Only if your site blocks Application Passwords (common with Cloudflare or security plugins) or your server strips the Authorization header. On a default WordPress site the app may connect without it, but this plugin makes the connection reliable.

= Does it change my site's content or design? =
No. It only affects how the site authenticates API requests. It adds nothing to your pages, posts, or theme.

== Changelog ==

= 1.1.1 =
* Corrected plugin metadata (Plugin URI), internationalized the admin notice, and hardened handling of server request variables.

= 1.1.0 =
* Rebuild PHP_AUTH_USER / PHP_AUTH_PW from the Authorization header on servers that strip it (LiteSpeed / CGI / reverse proxies).

= 1.0.0 =
* Initial release: re-enable Application Passwords behind a proxy/CDN or when disabled by a security plugin.
