Opened 5 years ago
Last modified 5 years ago
#47962 new enhancement
Allow apiRequest to do requests on external WordPress sites
Reported by: | imath | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 5.3 |
Component: | REST API | Keywords: | has-patch |
Focuses: | javascript | Cc: |
Description
Hi,
It's not possible to use the wp.apiRequest
function to do REST requests on external WordPress sites as it forces the addition of the X-WP-Nonce
header from the site where the request was made which of course doesn't match with the one generated by the external WordPress site. I think it's a bit too bad :(
Here's a Gist to test what I'm describing above on my personal site.
If you run the code, you'll get a cross domain issue:
blocked by CORS policy: Request header field x-wp-nonce is not allowed by Access-Control-Allow-Headers in preflight response.
Now if you run the code after applying the attached patch, you'll get 10 of my posts where I link to this site.
Is there something wrong about allowing these external requests ? Else I think it would be pretty useful.
Related Gutenberg issue: https://github.com/WordPress/gutenberg/issues/13491