Although a little clunky I’ve found a passable solution to this problem using mod_security. To implement this, enable modsecurity in Apache (presumably with a2enmod security). Then edit the config file. On my Ubuntu based systems this is at /etc/modsecurity/modsecurity.conf and as follows: Ensure SecRequestBodyAccess is On (and I assume SecRuleEngine to DetectionOnly). You may also … Read more
Sheepishly: The authorization field needs a space between “Basic” and the token. Problem solved.
The issue arises because the is_user_logged_in() function relies on the authentication cookies being recognized by the WordPress request lifecycle. When you set the authentication cookies using wp_set_auth_cookie(), they are sent to the browser, but they are not yet available to the same request that initiated the cookie setting. The cookies will only be recognized on … Read more
✨ Solution I’m not sure this is the most efficient way to use rest_post_dispatch (documentation) for this purpose (maybe overkill but I didn’t found other way). It works as expected. add_filter(“rest_post_dispatch”, “rest_customize_result”, 10, 3); function rest_customize_result( WP_REST_Response $result, WP_REST_Server $server, WP_REST_Request $request ) { if ( $request->get_route() === “/jwt-auth/v1/token” && $result->get_status() === 403 ) { … Read more
How to secure PDF link when share link to someone?
Custom signup redirection to external URL not working
My guess is, there is a filter causing change to the post content on api call. Could you check if the problem persists only in api or subscriber can see the content on normal page? The Restrict Content by Role plugin might be setting some rules that disallow subscriber role to view content in api … Read more
WP Rest-API response is unauthorized (React)
How to modify username before logging in?
regsiter a new user through WordPress API with Google SSO doesn’t work properly