Make WordPress Core

Opened 5 years ago

Last modified 5 years ago

#47962 new enhancement

Allow apiRequest to do requests on external WordPress sites

Reported by: imath's profile imath Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version: 5.3
Component: REST API Keywords: has-patch
Focuses: javascript Cc:

Description

Hi,

It's not possible to use the wp.apiRequest function to do REST requests on external WordPress sites as it forces the addition of the X-WP-Nonce header from the site where the request was made which of course doesn't match with the one generated by the external WordPress site. I think it's a bit too bad :(

Here's a Gist to test what I'm describing above on my personal site.

If you run the code, you'll get a cross domain issue:
blocked by CORS policy: Request header field x-wp-nonce is not allowed by Access-Control-Allow-Headers in preflight response.

Now if you run the code after applying the attached patch, you'll get 10 of my posts where I link to this site.

Is there something wrong about allowing these external requests ? Else I think it would be pretty useful.

Attachments (1)

47962.patch (517 bytes) - added by imath 5 years ago.

Download all attachments as: .zip

Change History (2)

Note: See TracTickets for help on using tickets.