Opened 15 months ago
#56079 new defect (bug)
Internal rest_do_request calls for posts/CPTs with status of anything but "published" should not need authentication
Reported by: |
|
Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | General | Keywords: | |
Focuses: | rest-api | Cc: |
Description
If I am performing an internal rest_do_request() call to a local REST endpoint, I shouldn't need to provide authentication to access posts or custom post types with a status of anything other than "published".
It's an INTERNAL request, it should ALREADY be authenticated by the code running internally already.
Note: See
TracTickets for help on using
tickets.