acf-to-rest-api icon indicating copy to clipboard operation
acf-to-rest-api copied to clipboard

Published 20 hours ago verified publisher icon airesvsg

When using JWT Auth, v2 works. But v3 responds even without Authentication :(

Open easaw opened this issue 4 years ago • 0 comments

As the title indicates, v2 is protected, v3 is not.

When I access; /acf/v2/room/123 I get denied if I don't Authenticate.

But when I access; /acf/v3/room/123 I get a full response even without Authentication.

Is there a fix for this?

Please note, I have this as an mu-plugin:

add_filter( 'rest_authentication_errors', function( $result ) {
if ( true === $result || is_wp_error( $result ) ) {
        return $result;
    }
global $wp;
if ( ! is_user_logged_in() && $wp->request !== 'wp-json/aam/v2/authenticate' ) {
    return new WP_Error(
        'rest_no_auth',
        __( 'Not Authorised' ),
        array( 'status' => 401 )
    );
}
    return $result;
});

Thank you

easaw avatar Jan 25 '21 15:01 easaw