Make WordPress Core

Opened 15 months ago

#56079 new defect (bug)

Internal rest_do_request calls for posts/CPTs with status of anything but "published" should not need authentication

Reported by: mkormendy's profile mkormendy Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: General Keywords:
Focuses: rest-api Cc:

Description

If I am performing an internal rest_do_request() call to a local REST endpoint, I shouldn't need to provide authentication to access posts or custom post types with a status of anything other than "published".

It's an INTERNAL request, it should ALREADY be authenticated by the code running internally already.

Change History (0)

Note: See TracTickets for help on using tickets.