fix(sso): add GlotPress compatibility for cross-domain SSO

[superdav42]

Summary

• Hooks the SSO enqueue_script callback onto GlotPress's gp_head action so the SSO JavaScript loads on GlotPress pages
• Only registers the hook when GlotPress is active (GP_VERSION defined), deferred to plugins_loaded since SSO starts at sunrise

Problem

GlotPress uses its own template system (gp_head()/gp_footer()) instead of WordPress's wp_head()/wp_footer(). The SSO script is registered on wp_head, so it never fires on GlotPress pages. This means cross-domain login is completely broken for translation sites (e.g. translate.example.com) — users log in on the main site but the session is never propagated to the GlotPress subsite.

Root Cause

class-sso.php line 272 hooks enqueue_script to wp_head and login_head, but GlotPress never calls either of those actions. Its header template calls gp_head() which fires the gp_head action instead.

Fix

Register enqueue_script on gp_head in addition to wp_head and login_head. The registration is deferred to plugins_loaded so we can check defined('GP_VERSION') — SSO startup() runs at sunrise before plugins are loaded.

When GlotPress is not installed, GP_VERSION is never defined and the hook is not registered. Even if it were registered unconditionally, it would be a no-op since gp_head would never fire.

Testing

1. Install GlotPress on a multisite subsite with a different domain (e.g. translate.example.com)
2. Enable SSO in Ultimate Multisite settings
3. Log in on the main site
4. Navigate to the GlotPress site — SSO should propagate the session and show you as logged in
5. Without this fix, the GlotPress site always shows "Log in" regardless of main site auth state

Summary by CodeRabbit

• New Features
  • Improved SSO compatibility for GlotPress environments with optimized script initialization when GlotPress is detected and active.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 664babd3-1484-4431-8a31-73c219bb4384

📥 Commits

Reviewing files that changed from the base of the PR and between 3b77af0 and def7ad0.

📒 Files selected for processing (1)

• inc/sso/class-sso.php

---

📝 Walkthrough

Walkthrough

Added deferred registration for SSO head injection script to activate when GlotPress plugin is present. A new plugins_loaded action hook conditionally registers the gp_head script if GP_VERSION is defined, while preserving existing WordPress hooks.

Changes

Cohort / File(s)	Summary
SSO GlotPress Integration inc/sso/class-sso.php	Added conditional hook registration in startup() method to defer SSO head injection script registration until plugins_loaded fires if GlotPress is active. Existing wp_head and login_head hooks remain unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🐰 A script deferred with graceful care,
When GlotPress dances through the air,
Hooks aligned in perfect time,
WordPress and SSO both combine! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately captures the main change: adding GlotPress compatibility for SSO. It is specific, clear, and directly related to the core objective of enabling SSO on GlotPress pages.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/glotpress-sso-compatibility

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

🔨 Build Complete - Ready for Testing!

📦 Download Build Artifact (Recommended)

Download the zip build, upload to WordPress and test:

• Build: ultimate-multisite
• ⬇️ Download from GitHub Actions
• ⬇️ Download without Github Account (nightly.link)

🌐 Test in WordPress Playground (Very Experimental)

Click the link below to instantly test this PR in your browser - no installation needed!
Playground support for multisite is very limitied, hopefully it will get better in the future.

🚀 Launch in Playground

Login credentials: admin / password

[github-actions]

Performance Test Results

Performance test results for cdfc0c2 are in 🛎️!

Note: the numbers in parentheses show the difference to the previous (baseline) test run. Differences below 2% or 0.5 in absolute values are not shown.

URL: /

Run	DB Queries	Memory	Before Template	Template	WP Total	LCP	TTFB	LCP - TTFB
0	39	37.73 MB	857.00 ms (-33.50 ms / -4% )	158.00 ms (-30.50 ms / -19% )	1074.50 ms (-62.00 ms / -6% )	2032.00 ms (-80.00 ms / -4% )	1945.15 ms (-72.35 ms / -4% )	91.80 ms
1	56	49.02 MB	950.50 ms	151.00 ms	1105.50 ms	2096.00 ms	2015.85 ms	84.05 ms

[superdav42]

Completed via PR #749, merged to main.

Merged by deterministic merge pass (pulse-wrapper.sh). No worker summary was available — the worker either crashed before writing one or this PR predates the merge summary convention.

aidevops.sh v3.6.19 spent 6m on this as a headless bash routine.