Closed szepeviktor closed 2 months ago
workaround: adding && $route !== '/wp/v2/users/me'
I'm not sure what you're asking, but if you want to detect an internal REST API request you unfortunately might need to look at the request with wp_is_json_request()
. Although a REST API HTTP request could still perform an internal REST API request, so you'd need to account for that.
Thank you for your comment.
I decided - instead of deleting WordPress from the Internet - to bail out early in the filter hook when wp_is_json_request()
returns false.
In the
rest_post_dispatch
filter I have an authentication problem for editors. https://github.com/szepeviktor/waf4wordpress/blob/5938f721e6cb23562b4f2bdae44ef57c68ea3d00/src/CoreEvents.php#L447-L451 Editor don't havelist_users
permission.GET /wp-admin/post-new.php
request?@johnbillion Please help me.