Yes, you open your site to being requested via AJAX to any other script in the whole web. It would be better if you limit the origin to one specific remote domain from which you are consuming the API, like this example: header(“Access-Control-Allow-Origin: http://mozilla.com”); However as the mozilla documentation states, a client can fork the … Read more
You personally might not need or rely on the WP REST API, but clearly Contact Form 7 does. And so does WordPress core. Especially future versions (think Gutenberg) will heavily rely on the REST API and won‘t work without it. There might be plugins that disable the API, but that‘s at your own risk and … Read more
Maybe start with just GET. Your route looks weird as well. Try just: register_rest_route(‘my-project/v1’, ‘/action/’, [ ‘methods’ => WP_REST_Server::READABLE, ‘callback’ => ‘api_method’, ]); And your callback is not returning a valid response. Let your callback look more like this: $data = [ ‘foo’ => ‘bar’ ]; $response = new WP_REST_Response($data, 200); // Set headers. $response->set_headers([ … Read more
You should pass the special wp_rest nonce as part of the request. Without it, the global $current_user object will not be available in your REST class. You can pass this from several ways, from $_GET to $_POST to headers. The action nonce is optional. If you add it, you can’t use the REST endpoint from … Read more
The REST API included in WordPress doesn’t actually have authentication built into it. If you do normal authentication in WordPress by logging in, then your browser will receive a set of cookies. If you send those cookies along with your request, then that will authenticate you to perform the actions in question. If you need … Read more
Slow REST API calls on self-hosted WordPress [closed]
You have rewrite_rules in wp_options table. From there your app can have idea of what the wordpress is going to rewrite in future and how it is going to rewrite after index.php. You can use regex in JS with wp_options data to customise your app response. UPDATE Here is block of code I needed to … Read more
Try the suggestion below: This assumes the <figure> element holding an image has a data-display-alignment attribute to match the alignment class applied attached that is somehow surfaced as a parameter in the wp_calculate_image_sizes hook: /** * Add custom image sizes attribute to enhance responsive image functionality * for content images. * * @param string $sizes … Read more
This is an old question, but the current REST API indicates that the X-WP-NONCE header should be set via the beforeSend callback. The following is directly from the REST API docs. .ajax( { url: wpApiSettings.root + ‘wp/v2/posts/1’, method: ‘POST’, beforeSend: function ( xhr ) { xhr.setRequestHeader( ‘X-WP-Nonce’, wpApiSettings.nonce ); }, data:{ ‘title’ : ‘Hello Moon’ … Read more
Unfortunately, this functionality is not natively supported out of the box. In detail, the problem is that most post types including page use the base WP_REST_Posts_Controller which maps the slug parameter to the post_name__in WP_Query argument, which does not facilitate resolving hierarchical slugs. The pagename query variable does, however – but only one per query, … Read more