[wp-trac] [WordPress Trac] #39839: Permissions processed differently between REST API and UI access causing 403 error
WordPress Trac
noreply at wordpress.org
Fri Feb 10 21:47:40 UTC 2017
#39839: Permissions processed differently between REST API and UI access causing
403 error
-------------------------------+------------------------------
Reporter: reldev | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: 4.7.2
Severity: normal | Resolution:
Keywords: reporter-feedback | Focuses:
-------------------------------+------------------------------
Comment (by reldev):
Replying to [comment:5 rmccue]:
> From a quick glance, it seems that you might not be passing the nonce
with the request: https://developer.wordpress.org/rest-api/using-the-rest-
api/authentication/#cookie-authentication
>
> If you don't pass the nonce, the request will be treated as an
unauthenticated request, and will give you the behaviour you're seeing
here.
Thanks for the tip. I am using OAuth and researched it quite heavily to
get it to work properly with the REST API. I definitely hit this issue at
one point, but am able to both create and update a post with the same
authentication routine now so the authentication appears to be working at
this point. Additionally, I see the correct $user->ID being checked in
has_cap for this request.
I also tested with Basic Auth and see the same behavior. I'm testing with
a fresh install of 4.7.2 now to see if an old plugin has left something
residual in place.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39839#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list