Commit 74b048f4 authored by ale's avatar ale
Browse files

Only apply auth filter to core WP REST API requests

This should make the plugin compatible with other plugins that serve
"public" info on REST-like endpoints, like Activitypub.
parent 1062fd8f
Pipeline #43125 passed with stage
in 6 seconds
......@@ -10,11 +10,12 @@
* License URI: http://opensource.org/licenses/MIT
*/
function ai_authenticate_rest_api_is_well_known_request() {
function ai_authenticate_rest_api_is_wp_rest_api_request() {
// Identify "core" WP REST API requests, by their URL prefix.
return strncmp(
$_SERVER['REQUEST_URI'],
'/.well-known/',
strlen('/.well-known/')) == 0;
'/wp/v2/',
strlen('/wp/v2/')) == 0;
}
add_filter('rest_authentication_errors', function($result) {
......@@ -25,9 +26,10 @@ add_filter('rest_authentication_errors', function($result) {
}
// No authentication has been performed yet.
// Return an error if user is not logged in.
// Return an error if user is not logged in, but only if we
// think the request is for the main WP REST API.
if (!is_user_logged_in() &&
!ai_authenticate_rest_api_is_well_known_request()) {
ai_authenticate_rest_api_is_wp_rest_api_request()) {
return new WP_Error(
'rest_not_logged_in',
__('You are not currently logged in.'),
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment