search

usefulteam / jwt-auth

WordPress JSON Web Token Authentication
https://wordpress.org/plugins/jwt-auth/
122 stars 48 forks source link

Request Header missing authorization #41

Closed AngryBigCat closed 2 years ago

AngryBigCat commented 2 years ago

When i try to edit the saved page in the admin, it reports an error

request:

POST /wp-json/batch/v1?_locale=user HTTP/1.1
Host: ******.com
Connection: keep-alive
Content-Length: 330
sec-ch-ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
Content-Type: application/json
Accept: application/json, */*;q=0.1
X-WP-Nonce: 0dbb6db3fa
sec-ch-ua-platform: "macOS"
Origin: https://******.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://******.com/wp-admin/widgets.php
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: _ga=GA1.1.1406211796.1631495409; session_prefix=c446c69889d033af4e30307fffbf410b; __gads=ID=aabf2a2960bd4f18-22a58ecf9bcb006c:T=1631495410:RT=1631495410:S=ALNI_MbUylNOr3FHGSEUaOClC6ggaVMCYw; Hm_lvt_0632da004bdbc2cf30e83e362fbe3e19=1631261645,1632273780; wordpress_logged_in_684baaaad6781cc40e3eb2fe5df7a5c8=angrycat123%7C1633576138%7C21580mOAIXzlgdW5xmmFee1Wp2A1WQ3jzJfqLO9zpev%7C4a389108aadc4fcdcbe035631907c999d201da6e0cdb0321adae232de1d7e9e0; wp-settings-1=mfold%3Do%26libraryContent%3Dbrowse; wp-settings-time-1=1632366560; wpcom_panel_nav=0; _ga_ELRHFLW13Q=GS1.1.1632373877.12.1.1632378536.0; Hm_lpvt_0632da004bdbc2cf30e83e362fbe3e19=1632378536

response:

code: "jwt_auth_no_auth_header"
data: []
message: "Authorization header not found."
statusCode: 403
success: false
pesseba commented 2 years ago

You must to add the plugin endpoint in whitelist.

add_filter('jwt_auth_whitelist', function ( $endpoints ) {
    array_push($endpoints,'/wp-json/batch/*');
    return $endpoints;
});
AngryBigCat commented 2 years ago

thank you

ciriousjoker commented 2 years ago

In my case I had to move the filter code into its own plugin as suggested by the JWT Auth readme: