Closed tomhrtly closed 4 years ago
Hi @tomhrtly , you need to whitelist /wp-json/wp/v2/*
endpoint.
Or do you think it should be whitelisted by default?
@contactjavas Thanks for the quick response, I've tried whitelisting that endpoint but it doesn't work. I personally think all native WP endpoints that do not require authentication should be whitelisted out of the box.
Maybe offering a choice for developers would be the best way forward?
Hi @tomhrtly , it's whitelisted by default in v1.4.0. Please update your plugin. Thanks for your suggestion! :)
@contactjavas I've updated the plugin to v1.4.0 but the issue has not been fixed, can you create a post in Gutenberg in your testing environment? My permalink structure is "Month and name".
I'm still receiving the following error when accessing the wp-json/wp/v2/posts
endpoint:
{
"success": false,
"statusCode": 403,
"code": "jwt_auth_no_auth_header",
"message": "Authorization header not found.",
"data": []
}
Hi @tomhrtly , thanks again for reporting. Yea ofcourse it didn't work. I made mistake when adding it to the default whitelist.
I've tested it this time :) Could you please update to v1.4.1 to see if it works there?
Thanks! Bagus
Expected Behaviour
A new post in Gutenberg should be created as it does without the plugin being activated.
Actual Behaviour
When clicking on "Publish" in Gutenberg, the post says that it has been published but it has not as it does not appear in the database nor on the posts listing page in the dashboard.
This happens even if I whitelist this URL:
/wp-json/wp/v2/posts
Steps to Reproduce the Problem
Additional Information
When activating the plugin, all REST API endpoints are protected even if they are public by default, such as this URL:
/wp-json/wp/v2/posts
, would it be possible to add configuration so that only routes that need authentication require it by JWT?