Automattic / jetpack

Security, performance, marketing, and design tools — Jetpack is made by WordPress experts to make WP sites safer and faster, and help you grow your traffic.
https://jetpack.com/

Instant Search: Search API only accepts blog tokens for Atomic/VIP sites #17159

Open jsnmoon opened 3 years ago

jsnmoon commented 3 years ago

Discovered while testing #17121, see p1599861762041900-slack-C82FZ5T4G.

Steps to reproduce the issue

  1. Apply #17121 to your Jetpack installation.
  2. Set blog_public option value to "-1".
  3. Ensure that you're logged in via /wp-admin.
  4. Perform a site search.

What I expected

I expected the search results to appear in the search overlay.

What happened instead

I received a 403 network error with the message User cannot access this private blog.

jsnmoon commented 3 years ago

@gibrown: Is there someone working on this? This issue actually affects multiple API endpoints (e.g. Scan and Sync) for "private" Jetpack sites.

gibrown commented 3 years ago

Oh, I misread it when I moved it. No I don't think so. @Automattic/jetpack-crew is this on your radar?

leogermani commented 3 years ago

In general, we are moving as many features as we can to rely only on the blog token. We are already planning to drop the user authentication requirement for the mentioned endpoints. But I don't think this specific issue was on our radar.

We'll have a look at it.

cc @fgiannar .

fgiannar commented 3 years ago

Hi there!

If I'm not mistaken, Jetpack doesn't offer a "private" site feature. So the concept of private (aka blog_public = -1) only makes sense in Atomic and VIP sites. Given that, this shouldn't be a concern.

@jeherve @kraftbj I would appreciate your confirmation on this please. Thanks!

jeherve commented 3 years ago

If I'm not mistaken, Jetpack doesn't offer a "private" site feature. So the concept of private (aka blog_public = -1) only makes sense in Atomic and VIP sites.

That's correct. 👍

kraftbj commented 3 years ago

For now, it only makes sense for Atomic and VIP. We have https://github.com/Automattic/jetpack/pull/16829 in the pipe to expose a filter to set that for other sites, to help ensure that if code is trying to make a site private, it has a way to ensure Jetpack functionality matches that expectation.