Does jQuery/Ajax send cookies when using the rest API or do I need to somehow add them?

No, you are not passing cookies with jQuery AJAX calls .. certainly not via Cross-domain access.

If you’re going to use jQuery to pass data, you need to pass the current user ID and use get_userdata($userid) to determine whether the user has the correct capabilities.

Server side:

$jQuery_user = get_userdata($_POST['user_id']);
if(!user_can($jQuery_user,'publish_posts')){
   return array('reply'=>0,'error'=>'Forbidden','code'=>'403');
}

Client side:

// Be sure your form can somehow provide the currently logged in user id, hidden or otherwise.
var idata = {};
idata['url']    = form.find('#attachment').val();
idata['nOnce']  = form.find('#nOnce').val();
// if you have a nonce, you should be able to get user_id
iData['user_id'] = jQuery('#user_id').val(); 
// snip (etc.)
jQuery.ajax({
    type: "POST",
    url: vars.path+'/post',
    data: JSON.stringify(idata),
    contentType: "application/json; charset=utf-8",
    crossDomain: true,
    dataType: "json",
    success: function (data, status, jqXHR) {
        // snip
    },

    error: function (jqXHR, status) {
        // snip
    }
});

Related Posts:

  1. How to: Make JWT-authenticated requests to the WordPress API
  2. Why is my custom API endpoint not working?
  3. WordPress REST API validation
  4. Are there server performance benefits to fetching only specific fields when querying the REST API?
  5. How to define a query parameter with REST API?
  6. How do I correctly setup an AJAX nonce for WordPress REST API?
  7. WordPress Rest API: How do we validate with our custom API key?
  8. Adding WordPress API Endpoint With Multiple Parameters
  9. Using the REST API (v2) javascript client on a private namespaced route
  10. authentication issue with rest api – rest_cannot_create
  11. Match REST API post output from custom endpoint
  12. rest api authentication
  13. rest_post_query on multiple post types?
  14. Does accessing WordPress via REST API affect the site stats and analytics?
  15. x-wp-nonce is not allowed by Access-Control-Allow-Headers in preflight response
  16. How to get around WP REST API per page limit without pagination?
  17. How to properly add custom entities in Gutenberg
  18. REST API custom endpoint without authentication for POST method?
  19. CORS & Remote access to WP via RestAPI
  20. Create Session with JWT
  21. WP REST API returns incorrect data?
  22. WP API ignores filter parameter
  23. WordPress doesn’t send a notification email when submitting a comment using REST API
  24. Using WordPress RESTapi to call a php file instead of post or page
  25. WordPress REST API – Modify JSON before importing
  26. pagination in WP rest api
  27. How to use REST API to send user metadata?
  28. Can the new REST API now make WP into it’s own push notification server?
  29. Confused about AngularJS and WordPress
  30. Custom Rest API POST endpoint with conditionally required parameters
  31. Post API tax_relation field doesn’t work
  32. How to post an unserialized array via wordpress rest API as meta data
  33. Use the backbone.js client to save custom post type meta
  34. Override WordPress POST REST API
  35. Creating a custom endpoint for rest, I see the endpoint exists in the wp-json, but the request is returning 404
  36. WordPress + Vue — Single page app giving me 404s when I use query params
  37. No ‘Access-Control-Allow-Origin’ when call rest API
  38. Get subscribers via REST API and send post notification
  39. How do I add meta when creating a post with rest api?
  40. How to Get Featured Image from REST API?
  41. Allow “wp-admin” edit access through headless WP web application
  42. WordPress + REST API v2 and private pages Load by slug
  43. Change permissions on REST api?
  44. PHP: authenticate for a REST request?
  45. Is it Ok to restrict Access-Control-Allow-Origin for /wp-json requests?
  46. Validate rest-api call on create
  47. Error invalid parameters with REST API
  48. How to get featured image in WP rest api
  49. Authenticate current user to REST API
  50. WordPress REST API rest_comment_invalid_author Sorry, you are not allowed to edit ‘author’ for comments
  51. How to delete user using rest api without reassigning
  52. How to send the body in wp_remote_post as “raw”?
  53. Accessing private posts through REST API, same code that works in remote doesn’t in local
  54. REST API and filtering by meta value
  55. Rest API: trouble receiving response through script (browser and Postman display correctly)
  56. Advanced Access Manager: RESTful endpoint to refresh token
  57. Custom Endpoints not working
  58. Is there a way I can fetch the WordPress Developer Code References with an API?
  59. `WP_REST_Controller::get_endpoint_args_for_item_schema` Does Not Set `required` Property from Schema
  60. Pull in ALL posts from the last two weeks using Rest API
  61. 403 error when publishing a post in wordpress. Error => Publishing failed. The response is not a valid JSON response
  62. Error message: Response is not a valid JSON response
  63. How to use query parameters, as “_fields”, to filter data inside an array in the REST API?
  64. WordPress server banning IP
  65. Cannot use WordPress Application Passwords: “code”: “rest_no_route” “status”:404 for /wp-json/wp/v2/users/me/application-passwords
  66. Pass multiple tags slug to rest API
  67. Return a WP_REST_Response from an inner function (and not from the root callback)
  68. register_rest_route with method POST but in wp-json/ is showing GET
  69. Rest Api fetching only one random post
  70. WP REST API returns empty posts despite entries in wp_posts
  71. Accessing Custom REST endpoint with rest_do_request()
  72. WP CLI in WP 5.3 with PHP 7.4
  73. The REST API encountered an error in wordpress?
  74. Get wordpress post with featured image, category and tag from WordPress API
  75. Do something when publish a post in Gutenberg with hook rest_after_insert_post
  76. Uploading picture via REST API
  77. How to modify the HTML output of Gutenberg block? (Youtube)
  78. Can I use REST API if the site is protected with .htpasswd
  79. REST API and Loopback error
  80. Rest API: Register and Login errors aren’t specific
  81. How can I secure my custom rest api endpoint or add under a already existing rest group
  82. WordPress single page website redirect to index.html
  83. How to get the most recently updated orders via the REST API?
  84. Autotrader API Integration
  85. WordPress RESTAPI – Restrict unknown
  86. WordPress Rest API Error 502
  87. Fix Characters WordPress Ionic App
  88. Accessing secure endpoint with X-WP-Nonce?
  89. Return all custom taxonomy terms for post in REST API v2? Currently limited to 10 terms
  90. Can we use website data which is having wp rest api plugin?
  91. how can I add an URL parameter to a rest route using register_rest_route()?
  92. Is it possible to bulk update a table using WP Rest API?
  93. Rest api request throttling
  94. Is my WordPress site handing out sensitive information/misconfigured?
  95. How can I set the default ‘orderby’ and ‘order’ parameters for a REST API call?
  96. get the current logged in user using WooCommerce API in React App [closed]
  97. What filtering is available for backbone.js?
  98. How to limit what fields are returned through the WP API Backbone JS client
  99. Woocommerce API for calling products by Category ID
  100. wordpress rest api authentication failed

Leave a Comment