Make WordPress Core

Opened 3 weeks ago

Closed 12 days ago

#60868 closed defect (bug) (invalid)

Persistence layer tries to make a REST API call to '/wp/v2/users/me' when user is not logged in

Reported by: chamois_blanc's profile chamois_blanc Owned by:
Milestone: Awaiting Review Priority: normal
Severity: minor Version: 6.4.3
Component: Script Loader Keywords:
Focuses: javascript Cc:


The code below from wp-includes/js/dist/preferences-persistence.js tries to make a REST API call to '/wp/v2/users/me?context=edit', even when not logged in. On my site, this returns a 401 (maybe due to a security setting).

Would it not be possible to check whether the user is logged in first, either through some WP JS data or a JS cookie, and not do this call if the user is not logged in?

function create({
  localStorageRestoreKey = 'WP_PREFERENCES_RESTORE_DATA',
  requestDebounceMS = 2500
} = {}) {
  let cache = preloadedData;
  const debouncedApiFetch = debounceAsync((external_wp_apiFetch_default()), requestDebounceMS);
  async function get() {
    if (cache) {
      return cache;
    const user = await external_wp_apiFetch_default()({
      path: '/wp/v2/users/me?context=edit'

Change History (3)

#1 @chamois_blanc
3 weeks ago

Checking that the user is logged in could be as simple as:

const isLoggedIn = document.body.classList.contains('logged-in');

and same remark for the PUT request.

Last edited 3 weeks ago by chamois_blanc (previous) (diff)

#2 @swissspidy
3 weeks ago

  • Component changed from General to Script Loader
  • Focuses rest-api privacy removed
  • Keywords 2nd-opinion removed

Definitely ran into this too.

Best to report this on the Gutenberg repo though where that code is maintained.

The logged-in check must not depend on the DOM, that isn‘t reliable.

#3 @chamois_blanc
12 days ago

  • Resolution set to invalid
  • Status changed from new to closed

Closing as it turns out this was due to the Updraft Central plugin.


Note: See TracTickets for help on using tickets.