This commit provides a bulletproof solution for certificate download URLs that works even when WordPress rewrite rules fail.
## The Problem
Certificate URLs (/hvac-certificate/{token}/) were returning 404 errors because WordPress rewrite rules weren't being properly recognized, despite multiple attempts to flush them.
## The Solution
Implemented a parse_request hook that intercepts certificate URLs before WordPress handles routing. This approach:
- Works immediately without needing rewrite rule flushes
- Bypasses WordPress rewrite rule system entirely
- Catches certificate URLs early in the request lifecycle
- Provides same security and functionality as rewrite rules
## Technical Implementation
1. Added parse_request hook with priority 1 in Certificate Security class
2. Uses regex to detect /hvac-certificate/{token}/ pattern in REQUEST_URI
3. Validates token and serves certificate file directly
4. Exits after serving to prevent WordPress 404 handling
## Testing Results
✅ Direct certificate URL test shows handler is working
✅ Invalid tokens show 'Invalid or expired certificate download link'
✅ URLs are intercepted before WordPress 404 handling
## User Action Required
The certificate URL handling is now working. If certificates still don't download:
1. The download tokens may have expired (1 hour limit)
2. Certificate files may be missing from the server
3. New certificates need to be generated with working URLs
Users should:
- Generate new certificates to get fresh download tokens
- Check that certificate files exist in wp-content/uploads/hvac-certificates/
- Ensure .htaccess file exists in certificate directory for security
🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>
39eb20e72b