The implementation of this plugin is hidden behind a is_admin() WordPress function.
However, as stated in the documentation:
Does not check if the user is an administrator; use current_user_can()
for checking roles and capabilities.
This commit is about ensuring that the cloudflare_proxy action on the
/admin-ajax endpoint is correctly limited to Administrator users only
before making any call via the Proxy to Cloudflare.
✅ Testing plan
Update the mocked tests which were rightfully failing due to non-Administrator
calls.
🔖 Summary
The implementation of this plugin is hidden behind a
is_admin()
WordPress function. However, as stated in the documentation:This commit is about ensuring that the
cloudflare_proxy
action on the /admin-ajax endpoint is correctly limited to Administrator users only before making any call via the Proxy to Cloudflare.✅ Testing plan
Update the mocked tests which were rightfully failing due to non-Administrator calls.