WP version is 5.5.3
I have 3 API routes set in a plugin that is used in an admin dashboard page. One route is meant to be used "publicly".
I have two very curious issues happening:
- My 3 admin-centric routes do not specify `permission_callback`. I should be getting notices but I do not when the docs and WP core functions say it will throw a `doing_it_wrong` error.
- My 4th public route does have `'permission_callback' => '__return_true'` set. I receive a `rest_not_logged_in` error code.
```php
class My_Plugin
{
    public function __construct()
    {
        add_action( 'rest_api_init', [ &$this, 'register_routes' ] );
    }

    public function register_routes(): void
    {
        register_rest_route('my-api-route', '/uri', [
            'methods' => WP_REST_Server::READABLE,
            'callback' => [&$this, 'api_get_available_stuff'],
        ]);
        register_rest_route('my-api-route', "/uri/(?P<param>[a-zA-Z0-9-]+)", [
            'methods' => WP_REST_Server::READABLE,
            'callback' => [&$this, 'api_get_specific_stuff'],
        ]);
        register_rest_route('my-api-route', "/uri/(?P<param>[0-9-]+)", [
            'methods' => WP_REST_Server::EDITABLE,
            'callback' => [&$this, 'api_update_specific_stuff'],
        ]);
        register_rest_route('my-api-route', "/uri/(?P<param>[a-zA-Z0-9-]+)/load-more", [
            'methods' => WP_REST_Server::READABLE,
            'callback' => [&$this, 'api_load_more_stuff'],
            'permission_callback' => '__return_true',
        ]);
    }
}
```
```js
// header approach
$.ajax({
    url: '/wp-json/my-api-route/uri/param/load-more',
    method: 'GET',
    headers: {
        'X-WP-Nonce': '<?php echo wp_create_nonce('wp_rest'); ?>'
    },
    data: {
        'max_items': 5,
        'offset': 5 * current_count,
    },
})

// _wpnonce approach
$.ajax({
    url: '/wp-json/my-api-route/uri/param/load-more',
    method: 'GET',
    data: {
        '_wpnonce': '<?php echo wp_create_nonce('wp_rest'); ?>',
        'max_items': 5,
        'offset': 5 * current_count,
    },
})
```
My only conclusion could be that, despite seeing "Version 5.5.3" in the bottom corner of WP Admin, I might not actually be on 5.5.3.
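
A route registered without `permission_callback` is callable by any visitor, so the three admin-centric routes above are effectively public. The following is an added example, not part of the original question or the plugin's own code: it subclasses the question's `My_Plugin` to register the same four routes with an explicit capability check and bounded paging arguments. The class name `My_Plugin_Hardened`, the `require_admin` method, the `manage_options` capability and the `max_items` limit of 50 are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes the question's My_Plugin class
// (with its api_* callbacks) is loaded and 'manage_options' is the right capability.
class My_Plugin_Hardened extends My_Plugin
{
    // Gate for the admin-centric routes: 401 when logged out, 403 when the
    // logged-in user lacks the capability.
    public function require_admin()
    {
        if (current_user_can('manage_options')) {
            return true;
        }
        return new WP_Error('rest_forbidden', 'Not allowed.',
            ['status' => rest_authorization_required_code()]);
    }

    public function register_routes(): void
    {
        $admin = ['permission_callback' => [$this, 'require_admin']];
        // Schema-validated integer; the bounds used below are assumed values.
        $int = [
            'type'              => 'integer',
            'minimum'           => 0,
            'validate_callback' => 'rest_validate_request_arg',
            'sanitize_callback' => 'rest_sanitize_request_arg',
        ];
        register_rest_route('my-api-route', '/uri', $admin + [
            'methods'  => WP_REST_Server::READABLE,
            'callback' => [$this, 'api_get_available_stuff'],
        ]);
        register_rest_route('my-api-route', '/uri/(?P<param>[a-zA-Z0-9-]+)', $admin + [
            'methods'  => WP_REST_Server::READABLE,
            'callback' => [$this, 'api_get_specific_stuff'],
        ]);
        register_rest_route('my-api-route', '/uri/(?P<param>[0-9-]+)', $admin + [
            'methods'  => WP_REST_Server::EDITABLE,
            'callback' => [$this, 'api_update_specific_stuff'],
        ]);
        // Public by design: state it explicitly and bound the paging inputs.
        register_rest_route('my-api-route', '/uri/(?P<param>[a-zA-Z0-9-]+)/load-more', [
            'methods'             => WP_REST_Server::READABLE,
            'callback'            => [$this, 'api_load_more_stuff'],
            'permission_callback' => '__return_true',
            'args'                => [
                'max_items' => ['minimum' => 1, 'maximum' => 50, 'default' => 5] + $int,
                'offset'    => ['default' => 0] + $int,
            ],
        ]);
    }
}
```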