permission_callback is not working

  • Nick Papazetis

    (@papazetis)


    2 months, 4 weeks ago

    Hello.

    I have created a custom endpoint and added it to WP REST Cache using the wp_rest_cache/allowed_endpoints filter. I also used the wp_rest_cache/determine_object_type filter to set the object type.

    However, the permission_callback does not work when the request is cached. This means it bypasses the permission_callback function and returns the cached response.

    Is there any fix for this?

    Thank you!

Viewing 1 replies (of 1 total)
  • Plugin Author Richard Korthuis

    (@rockfire)

    2 months, 2 weeks ago

    Hi @papazetis

    Thank you for using our plugin!

    The reason this happens is because of how our plugin is set up. It hooks into the WordPress process really early (using a mu-plugin) to check if a cache is available for the current REST request. If so it returns the cache and quits the rest of WordPress process. So any actions done by plugins or other code (like for the permission_callback) isn’t executed anymore.

    Now there are two possible solutions I see to your issue. One is to save the authorization header, like I described in my response here: https://wordpress.org/support/topic/private-cache-for-rest-endpoints-with-a-authorization-header/#post-12813691

    The other one is to hook into the filter wp_rest_cache/skip_caching and do your permission check there and have it return true if there is no permission (i.e. have it skip caching in this case and therefore returning the response as if no caching exists). Please keep in mind that using that filter would require you to do so from a mu-plugin which comes alfabetically before wp-rest-cache.php

Viewing 1 replies (of 1 total)

You must be logged in to reply to this topic.