Yoast / wordpress-seo

Yoast SEO for WordPress
https://yoast.com/wordpress/plugins/seo/

Elementor prompts non admin users to input HTTPAuth if page is behind HTTPAuth on post save #18594

Open Setyl opened 2 years ago

Setyl commented 2 years ago

Please give us a description of what happened.

If I save a post in Elementor with the editor role, I get an HTTPAuth prompt because admin-ajax.php tries to send a 401 Unauthorized if the whole site is behind HTTPAuth.

Please describe what you expected to happen and why.

I'd love to have no prompt at all.

The problem is in the file /wordpress-seo/src/integrations/third-party/elementor.php, lines 241-243:

```php
if ( ! \current_user_can( 'manage_options' ) ) {
	\wp_send_json_error( 'Unauthorized', 401 );
}
```

I'd suggest using a Yoast capability instead, like 'wpseo_manage_options', as editors don't have 'manage_options'.

How can we reproduce this behavior?

  1. Secure your site with HTTPAuth via .htaccess or similar
  2. Log in with editor role
  3. Save a post in the Elementor editor

Technical info

Used versions

mmikhan commented 2 years ago

Thanks for bringing this to our attention. I investigated this and was able to reproduce it on our end. However, when I used wpseo_manage_options, as you recommended, in the following location, it didn't fix the issue.

https://github.com/Yoast/wordpress-seo/blob/6742cd4a221098bf52e7929bf8c27f14cc3f4396/src/integrations/third-party/elementor.php#L241

So, there's probably something else going on that needs a deeper look. So, I marked it as a bug to ensure it gets attention from our development team.

Setyl commented 2 years ago

Thanks for getting back. That's right, it won't fix the issue, but one can then change the editor capability in functions.php to allow wpseo_manage_options. Another option is to not send a 401 error. But I think using the manage_options capability isn't best practice by any means.

mmikhan commented 2 years ago

Prioritized the issue internally: IM-1932