[wp-trac] [WordPress Trac] #39839: Permissions processed differently between REST API and UI access causing 403 error

WordPress Trac noreply at wordpress.org
Fri Feb 10 21:47:40 UTC 2017


#39839: Permissions processed differently between REST API and UI access causing
403 error
-------------------------------+------------------------------
 Reporter:  reldev             |       Owner:
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  REST API           |     Version:  4.7.2
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:
-------------------------------+------------------------------

Comment (by reldev):

 Replying to [comment:5 rmccue]:
 > From a quick glance, it seems that you might not be passing the nonce
 with the request: https://developer.wordpress.org/rest-api/using-the-rest-
 api/authentication/#cookie-authentication
 >
 > If you don't pass the nonce, the request will be treated as an
 unauthenticated request, and will give you the behaviour you're seeing
 here.

 Thanks for the tip. I am using OAuth and researched it quite heavily to
 get it to work properly with the REST API. I definitely hit this issue at
 one point, but am able to both create and update a post with the same
 authentication routine now so the authentication appears to be working at
 this point. Additionally, I see the correct $user->ID being checked in
 has_cap for this request.

 I also tested with Basic Auth and see the same behavior. I'm testing with
 a fresh install of 4.7.2 now to see if an old plugin has left something
 residual in place.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/39839#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list