Tmeister / wp-api-jwt-auth

A simple plugin to add JSON Web Token (JWT) Authentication to WP REST API
GNU General Public License v2.0

400 on every request with status param #141

Closed billyjacoby closed 5 years ago

billyjacoby commented 5 years ago

Every time I try to send a request to get "private" or "any" posts from my API I get a 400 error due to pre-flight checks in the browser.

Postman gets the correct response, but axios and fetch cannot.

Postman gets correct responses from an OPTIONS request too, so I'm not sure why this error is being thrown.

My request is as follows:

[Screenshot: screen shot 2019-02-14 at 7 49 51 pm]

and the error I keep getting in the console is as follows:

[Screenshot: screen shot 2019-02-14 at 7 50 21 pm]

My Postman request is as follows:

[Screenshot: screen shot 2019-02-14 at 7 51 23 pm]

and my .htaccess:

[Screenshot: screen shot 2019-02-14 at 7 51 57 pm]

EDIT:

Even when I try to hit that API endpoint from a browser, I get an error:

[Screenshot: screen shot 2019-02-14 at 8 34 44 pm]

This is leading me to believe that it might be something with the actual WP REST API?

This error has been killing me, and I'm at the end of my rope. If anyone has any help with this issue it would be a life saver!

jon1wt commented 5 years ago

The problem is in the CORS. You can try this in the functions file; the problem is in the calls from localhost, and you can remove this when your app is in production.

```php
// Hook to allow headers and cors things on rest api
add_action( 'rest_api_init', 'wp_rest_allow_all_cors', 15 );
/**
 * Allow all CORS.
 *
 * @since 1.0.0
 */
function wp_rest_allow_all_cors() {
  // Remove the default filter.
  remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
  // Add a Custom filter.
  add_filter( 'rest_pre_serve_request', function( $value ) {
    header( 'Access-Control-Allow-Origin: *' );
    header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
    header( 'Access-Control-Allow-Credentials: true' );
    header( 'Access-Control-Allow-Headers: cache-control, X-WP-Nonce, Authorization, Content-Type, Access-Control-Allow-Headers, Accept' );
    return $value;
  });
}
```

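
A narrower variant of the snippet above, as an added example that is not from the thread or the plugin: it answers CORS only for an explicit origin allowlist instead of `*`, and omits `Access-Control-Allow-Credentials` because the JWT is assumed to travel in the `Authorization` header rather than in a cookie. The function names, the constant and the two origins are placeholders.

```php
<?php
// Added example, not code from the thread. Origins below are placeholders.
const MY_REST_ALLOWED_ORIGINS = array(
    'http://localhost:3000',   // assumed local dev server
    'https://app.example.com', // assumed production front end
);

add_action( 'rest_api_init', 'my_rest_allowlist_cors', 15 );

/**
 * Swap the default CORS filter for an allowlist-based one.
 */
function my_rest_allowlist_cors() {
    // Same removal as the snippet above; only the replacement differs.
    remove_filter( 'rest_pre_serve_request', 'rest_send_cors_headers' );
    add_filter( 'rest_pre_serve_request', 'my_rest_send_cors_headers' );
}

/**
 * Send CORS headers only when the Origin header is an exact allowlist match.
 *
 * @param bool $value Whether the request has already been served.
 * @return bool Unchanged $value.
 */
function my_rest_send_cors_headers( $value ) {
    $origin = get_http_origin(); // Origin request header, '' when absent.

    // The response now depends on Origin, so caches must key on it.
    header( 'Vary: Origin', false );

    // Strict comparison against known origins: no wildcard, no prefix or
    // suffix matching, and nothing unvetted is copied into a header.
    if ( $origin && in_array( $origin, MY_REST_ALLOWED_ORIGINS, true ) ) {
        header( 'Access-Control-Allow-Origin: ' . $origin );
        header( 'Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS' );
        // Authorization carries the Bearer token. Cookies are not used here,
        // so Access-Control-Allow-Credentials is deliberately not sent
        // (browsers reject it in combination with a "*" origin anyway).
        header( 'Access-Control-Allow-Headers: Authorization, Content-Type, X-WP-Nonce' );
        header( 'Access-Control-Max-Age: 600' ); // cache the preflight for 10 min
    }

    // Unlisted origins get no CORS headers, so the browser blocks the read.
    return $value;
}
```
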
billyjacoby commented 5 years ago

So this just goes in my wp-content/wp-includes/functions.php file?

Edit:

I added this to the bottom of the file, and it hasn't changed anything.

jon1wt commented 5 years ago

Yes, in functions.php; try adding the code at the top.

billyjacoby commented 5 years ago

Tried at the top too, no change =/

jon1wt commented 5 years ago

It's weird; it's a CORS error and that should fix it. It's not a plugin error. Google the CORS error according to the development of your app.

billyjacoby commented 5 years ago

I’ve been googling that and I’ve tried everything I’ve come across, no luck.

I don’t think it's a CORS error because the request works from Postman, but then the browser shows the 400 error.

Would you mind sharing how you make an authenticated request to get a private post, or something similar?

jon1wt commented 5 years ago

I had the same CORS error with the request for a list of editor users in an Angular app running locally: in Postman it worked but on localhost it didn't, and then I tried the code I shared and it worked fine.

billyjacoby commented 5 years ago

I'll push to the dev branch and see if it works, but being as when I type the same request in the browser address bar I still get the error, I’m not too hopeful.

billyjacoby commented 5 years ago

Okay, so I've tried using this from the web and it hasn't worked either.

Even when I try to view a specific private post by ID I'm getting a 401 error, even though it works in Postman.

There has to be something weird going on here that we can figure out. Looking through the issues, it seems that multiple people are having issues that are all related.

rocifier commented 5 years ago

In all of the info and screenshots, you didn't show which URL you are making the API request from in the browser. That is the most important information for CORS.

billyjacoby commented 5 years ago

@rocifier I've tried making the requests from multiple different locations in the browser. localhost is where I'm testing and getting most of the errors, but even when I try to access the URL by typing it in the browser I get a 400 error.

I've tried deploying it to billyjacoby.com and I'm getting the same errors in the console from there as well.

I still have no solution to this issue and it's been killing me for over a week now, I'll try anything at this point lol.

billyjacoby commented 5 years ago

This was apparently an issue with the hosting provider I was using.

For anyone else who pulls their hair out over this, Namecheap's EasyWP will not work with this...

rocifier commented 5 years ago

Using localhost is just straight not going to work for CORS these days. It is much better to modify your HOSTS file with a legitimate looking domain name (in your case maybe something like billyjacoby-dev.com mapped to 127.0.0.1). This is what I do and everything works for me locally.

billyjacoby commented 5 years ago

Localhost works fine now that I figured out the problem was with the hosting provider.

And either way, I had been trying from a variety of different hostnames. I’ve never had an issue developing from localhost either.

Mulli commented 5 years ago

What was the problem? Thanks

billyjacoby commented 5 years ago

The hosting service I was using wouldn’t allow the necessary CORS requirements to hit the API.

thestevenkwok commented 10 months ago

I encountered the 400 error as well, but I'm not sure if it was related to the CORS issue like in your case. I used PHP cURL to send the request and I found a solution to avoid the 400: https://stackoverflow.com/questions/32944441/how-to-resolve-http-1-1-400-bad-request-in-curl-php

Add an empty array to the CURLOPT_POSTFIELDS option.