[wp-trac] [WordPress Trac] #56079: Internal rest_do_request calls for posts/CPTs with status of anything but "published" should not need authentication
WordPress Trac
noreply at wordpress.org
Tue Oct 31 02:47:42 UTC 2023
#56079: Internal rest_do_request calls for posts/CPTs with status of anything but
"published" should not need authentication
--------------------------+------------------------------
Reporter: mkormendy | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: | Focuses: rest-api
--------------------------+------------------------------
Changes (by sabernhardt):
* component: General => REST API
Old description:
> If I am performing an internal rest_do_request() call to a local REST
> endpoint, I shouldn't need to provide authentication to access posts or
> custom post types with a status of anything other than "published".
>
> It's an INTERNAL request, it should ALREADY be authenticated by the code
> running internally already.
New description:
If I am performing an internal `rest_do_request()` call to a local REST
endpoint, I shouldn't need to provide authentication to access posts or
custom post types with a status of anything other than "published".
It's an INTERNAL request, it should ALREADY be authenticated by the code
running internally already.
--
--
Ticket URL: <https://core.trac.wordpress.org/ticket/56079#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list