search

postlight / headless-wp-starter

🔪 WordPress + React Starter Kit: Spin up a WordPress-powered React app in one step
https://archive.postlight.com/labs/wordpress-react-starter-kit
GNU General Public License v2.0
4.48k stars 650 forks source link

Nonce doesn't work for draft previews #267

Open thelucre opened 4 years ago

thelucre commented 4 years ago

I've been digging pretty thoroughly to solve this issue. In Wordpress 5.3.2 and Wordpress 5.4, maybe others, the nonce value isn't working for draft previews. I've tried this both with the Postlight repo and with a barebones install and frontend to make sure it's not plugin- or theme-related.

It appears that the session cookie is not set or sending through with the frontend rest call, therefore the nonce appears to be invalid. Anyone else having this problem with Postlight Headless WP?

I see a couple options moving forward:

  1. Figure out how to get the logged_id session cookie to the frontend domain and passed through with the AJAX request (best case)
  2. Use JWT Auth to make admins login to view draft previews.

Any thoughts on this issue or known workarounds?

Here's a detailed thread: https://wordpress.stackexchange.com/questions/363012/cant-get-draft-posts-via-rest-api-from-headless-frontend

trst commented 4 years ago

Ran into the same issue, would love to see a work around. Would JWT (in your conception @thelucre) require a user logged in the backend of WP to login again on the preview side? Or would there be some mechanism to store a JWT on logging in on the WP side?