Open jsnmoon opened 3 years ago
@gibrown: Is there someone working on this? This issue actually affects multiple API endpoints (e.g. Scan and Sync) for "private" Jetpack sites.
Oh, I misread it when I moved it. No I don't think so. @Automattic/jetpack-crew is this on your radar?
In general, we are moving as many features as we can to rely only on the blog token. We already planning drop the user authentication requirement for the mentioned endpoints. But I don't think this specific issue was on our radar.
We'll have a look at it.
cc @fgiannar .
Hi there!
If I'm not mistaken, Jetpack doesn't offer a "private" site feature.
So the concept of private ( aka blog_public
= -1 ) only makes sense in Atomic and VIP sites.
Given that, this shouldn't be a concern.
@jeherve @kraftbj I would appreciate your confirmation on this please. Thanks!
If I'm not mistaken, Jetpack doesn't offer a "private" site feature So the concept of private ( aka blog_public = -1 ) only makes sense in Atomic and VIP sites.
That's correct. 👍
For now, only makes sense for Atomic and VIP. We have https://github.com/Automattic/jetpack/pull/16829 in the pipe to expose a filter to set that for other sites to help ensure that if code is trying to make a site private, they have a way to ensure Jetpack functionality matches that expectation.
Discovered while testing #17121, see p1599861762041900-slack-C82FZ5T4G.
Steps to reproduce the issue
blog_public
option value to"-1"
./wp-admin
.What I expected
I expected the search results to appear in the search overlay.
What happened instead
I received a 403 network error with the message
User cannot access this private blog.