-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Secure all rest api endpoints #6
Comments
Or is there a way to validate the token tru PHP? I would like to validate the token on some endpoints. |
Have you tried the "Force login" (https://wordpress.org/plugins/wp-force-login/) plugin? |
Hi, "Force login" plugin doesn't fit 'cause it checks for "if( ! is_user_logged_in())" which doesn't work with JWT or nothing compatible with our APP. Is there a proper/safe way to make the "whitelist" work. We have tried the "1 file plugin" and "function.php" but it doesn't work. |
Ok, after some digging we figured it out. Seems like the problem was the "array_merge" between both arrays. We changed it fot a foreach loop that "pushes" each endpoint and now it works. Oh, btw, it is also a one file plugin 'cause it wouldn't work on the functions.php This is the final code `///////////////////////////////////////// if ( ! defined( 'ABSPATH' ) ) { /----------------------------------------------------------------------------/
add_filter(
); ?> |
I'm interested in this as well. What did you do to restrict the endpoints before adding the whitelist code? |
Hello @shotor @melomontoya @kristjanmar, The tag Please let me know what do you think. Best regards, |
Is there a way to secure all public rest api endpoints?
I'd like to secure the pages endpoint (and any other page) so it's only accessible with an api key. But if I make a request without JWT it just goes through.
I couldn't find a way to change this in the settings
The text was updated successfully, but these errors were encountered: