Opened 7 weeks ago
Last modified 5 weeks ago
#62577 new defect (bug)
WordPress Rest API broken in 6.7.1
Reported by: | DoingSomeWordpress | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | 6.7.1 |
Component: | REST API | Keywords: | close reporter-feedback |
Focuses: | rest-api | Cc: |
Description
The rest API /?rest_route=/wp/v2/users/me
returns 502 bad gateway in 6.7.1
Downgrading to 6.6.2 fixes the issue.
All plugins are up to date in both versions.
Attachments (2)
Change History (10)
#2
@
7 weeks ago
- Focuses rest-api added
- Keywords reporter-feedback added
Reproduction Report
Environment
- OS: macOS 14.7
- Web Server: Apache 2.x
- PHP: 8.3.3
- WordPress: 6.8-alpha-59274-src
- Browser: Safari 18.0
- Theme: Twenty Twenty-Four
- Active Plugins: None
Actual Results
- ❌ The
/wp/v2/users/me
REST API endpoint is working.
Supplemental Artifacts
#3
follow-up:
↓ 4
@
7 weeks ago
- Keywords dev-feedback needs-testing added
Reproduction Report
This report validates that the issue can be reproduced but found mixed results. I Think we need to test more.
This report validates that the issue can not be reproduced.
Environment
- OS: macOS 14.7.1
- PHP: 8.3
- WordPress: 6.7.1
- Browser: Chrome Version 130.0.6723.117 (Official Build) (arm64)
- Theme: Twenty Twenty-Five
- Active Plugins:
- Gutenberg 13.2.0
Actual Results
-
Mixed: Works with postman but does not work on browser when logged in. - ❌ Works as expected for me.
Additional Notes
- Worked with postman when using basic auth.
- Worked with postman when using JWT.
Does not work as expected on browser.
Supplemental Artifacts
Works with postman:
Does not work on browser (logged in) Expected Behaviour:
#4
in reply to:
↑ 3
;
follow-up:
↓ 5
@
7 weeks ago
Replying to mayanktripathi32:
- Does not work as expected on browser.
I believe this is expected behavior because, in this case, the REST API server doesn't know the identity of the user making the request (e.g., who /me
refers to).
For the request to work, a cookie, authorization headers, or an alternative authentication method provided by a plugin must be used.
I also tested this in WP Playground, and the behavior is consistent between WordPress 6.6
and 6.7
(6.7.1
was not available at the time of testing).
#5
in reply to:
↑ 4
@
7 weeks ago
- Keywords needs-screenshots added; dev-feedback needs-testing removed
- Severity changed from critical to normal
Replying to antonvlasenko:
Replying to mayanktripathi32:
- Does not work as expected on browser.
I believe this is expected behavior because, in this case, the REST API server doesn't know the identity of the user making the request (e.g., who
/me
refers to).
For the request to work, a cookie, authorization headers, or an alternative authentication method provided by a plugin must be used.
I also tested this in WP Playground, and the behavior is consistent between WordPress6.6
and6.7
(6.7.1
was not available at the time of testing).
Understood. In that case, I will update the report to works as expected in 6.7.1 ✅
@DoingSomeWordpress Could you provide us with more information regarding the error? Any logs & screenshots would be helpful.
#6
@
7 weeks ago
Hi, after some more testing, I realized that I was calling the REST API using an admin account. After re-testing 6.7.1 with a different Subscriber account (or any non-admin role), it works fine. However, the admin role is still returning a 502 bad gateway. This worked fine on 6.6.2.
I attached 2 screenshots to the ticket from postman. I do use the latest version of the Simple JWT Login plugin here https://wordpress.org/plugins/simple-jwt-login/ to generate the JWT token, then pass that to the /me endpoint through the Authorization header.
#8
@
5 weeks ago
- Keywords close reporter-feedback added
Reproduction Report
Environment
- OS: macOS 14.7
- Web Server: Apache 2.x
- PHP: 8.4.1
- WordPress: 6.7.2-alpha-59487
- Browser: Safari 18.0
- Theme: Twenty Twenty-Four
- Active Plugins: Simple JWT
Actual Results
- ❌ The
?rest_route=/wp/v2/users/me
REST API endpoint is working.
Supplemental Artifacts
Additional information
I cannot reproduce this bug.
@DoingSomeWordpress
From what I understand while working on this ticket (this is my personal observation and should not be considered technical support), you need to enable auto-login and specify the JWT parameter key (such as email
) in the plugin's settings in order to use the /me
endpoint.
This is because your JWT token must contain user information, and existing tokens need to be refreshed if they don’t include that information.
Configuring third-party plugins is beyond the scope of Core Trac, so I’m marking this ticket as a close candidate.
Please feel free to provide any additional information that can help link this issue to WordPress Core specifically, rather than the Simple JWT plugin, so it can be addressed here. Otherwise, it’s best to contact Simple JWT plugin support.
Thank you for your understanding.
Reproduction Report
Description
This report validates whether the issue can be reproduced.
Environment
Actual Results
❌ Error didn't condition occurs.
Supplemental Artifacts
6.7.1:
6.6.1: