usefulteam / jwt-auth

WordPress JSON Web Token Authentication
https://wordpress.org/plugins/jwt-auth/

Whitelist not working #23

Open ghost opened 3 years ago

ghost commented 3 years ago

Not sure if I am doing something wrong here but I can't get the whitelist function to work. I have tried it in functions.php and in a plugin but I still get a 403 error.

Basic example:

add_filter( 'jwt_auth_whitelist', function ( $endpoints ) {
    return array(
        '/wp-json/custom/v1/*',
    );
} );

function hello_world( $data ) {
    return 'Hello World';
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'custom/v1', 'test', array(
        'methods'  => 'GET',
        'callback' => 'hello_world',
    ) );
} );

dominic-ks commented 3 years ago

@Jonofat Have you tested this on a fresh WP install or with no other plugins activated etc? I just tested your code and it works for me.

ghost commented 3 years ago

Hi, thanks for your response. What I just noticed is that it doesn’t work on localhost but is working on a live server. Makes it a bit difficult for testing before taking live but at least it works on the live server. Any idea why not on localhost (using MAMP)?

dominic-ks commented 3 years ago

@Jonofat I don't know the answer to that, I don't work with a Mac and have mostly given up developing WordPress locally in that way. A better way is to look into using VVV with Vagrant / Virtualbox since you can then run an environment locally that will be more representative of what you're using for hosting.

ghost commented 3 years ago

Ah, I see. Thanks for the info, I will check it out!

contactjavas commented 3 years ago

Hey guys, I think there was an issue with subdir install like http://site.local/yourwpinstall

It used to be fixed if you can change it to something like http://yourwpinstall.local

GaetanOclock commented 3 years ago

Hi, the fix for #2 should be extended to https://github.com/usefulteam/jwt-auth/blob/91b2a59fd106b4a444e15b8f8dcd4100cfbc1d7e/class-auth.php#L522

should become:

$endpoint = home_url( '/' . $endpoint, 'relative' );

if ( $endpoint === $request_uri ) {
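
The subdirectory mismatch discussed above, as an added stand-alone PHP example that is not part of the thread or the plugin's code. `relative_home_url()` and `is_whitelisted()` are hypothetical stand-ins (the first for WordPress's `home_url( $path, 'relative' )`), and the install directories and request URIs are constructed.

```php
<?php
// Added illustration: stand-alone PHP, not the plugin's code. No WordPress needed.

// Stand-in for home_url( $path, 'relative' ): prefixes $path with the directory
// WordPress is installed in ('' for a root install).
function relative_home_url( string $home_path, string $path ): string {
    return rtrim( $home_path, '/' ) . '/' . ltrim( $path, '/' );
}

// Hypothetical matcher: exact match, or prefix match when the entry ends in '*'.
function is_whitelisted( string $request_uri, array $whitelist, string $home_path, bool $apply_fix ): bool {
    $path = explode( '?', $request_uri, 2 )[0]; // compare the path only
    foreach ( $whitelist as $endpoint ) {
        if ( $apply_fix ) {
            $endpoint = relative_home_url( $home_path, $endpoint );
        }
        if ( substr( $endpoint, -1 ) === '*' ) {
            $prefix = substr( $endpoint, 0, -1 );
            if ( strncmp( $path, $prefix, strlen( $prefix ) ) === 0 ) {
                return true;
            }
        } elseif ( $endpoint === $path ) {
            return true;
        }
    }
    return false;
}

$whitelist = array( '/wp-json/custom/v1/*' ); // the entry from the first post

// Constructed cases: array( install directory, request URI ).
$cases = array(
    array( '', '/wp-json/custom/v1/test' ),
    array( '/yourwpinstall', '/yourwpinstall/wp-json/custom/v1/test' ),
    array( '/yourwpinstall', '/yourwpinstall/wp-json/wp/v2/users' ),
);

foreach ( $cases as list( $home_path, $uri ) ) {
    printf(
        "%-45s as-is: %-5s home-relative: %s\n",
        $uri,
        var_export( is_whitelisted( $uri, $whitelist, $home_path, false ), true ),
        var_export( is_whitelisted( $uri, $whitelist, $home_path, true ), true )
    );
}
```

The third case stays non-whitelisted in both modes, so prefixing the install directory does not widen what the entry exempts from token checks.
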

ghost commented 3 years ago

Thank you! I have another pressing issue though, which is how do you whitelist another website url? I am making a connection to Moodle using the Edwiser plugin but the connection fails on Moodle's side. If I disable this plugin it works.

This clearly doesn't work

add_filter( 'jwt_auth_whitelist', function ( $endpoints ) {
    return array(
        'https://mymoddlesite.com/*'
    );
} );

ciriousjoker commented 3 years ago

In my case I had to move the filter code into its own plugin as suggested by the JWT Auth readme: