Make WordPress Core

Opened 22 months ago

Last modified 6 months ago

#56079 new defect (bug)

Internal rest_do_request calls for posts/CPTs with status of anything but "published" should not need authentication

Reported by: mkormendy's profile mkormendy Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: REST API Keywords:
Focuses: rest-api Cc:

Description (last modified by sabernhardt)

If I am performing an internal rest_do_request() call to a local REST endpoint, I shouldn't need to provide authentication to access posts or custom post types with a status of anything other than "published".

It's an INTERNAL request, it should ALREADY be authenticated by the code running internally already.

Change History (1)

#1 @sabernhardt
6 months ago

  • Component changed from General to REST API
  • Description modified (diff)
Note: See TracTickets for help on using tickets.