Though I have logged in, I cannot create a post on frontend. WordPress always return 401 Unauthorized response.
I have dumped $_COOKIE
to make sure logged-in cookie was set and got something like this:
array(1) {
["wordpress_logged_in_48f880f2beac6f39fb9ea8d9367e86d6"]=>
string(125) "admin|1495526369|PwQIf1tAM5khs2f6LKMgf0T7fP1RwHjl9T6OWW90QfD|6d3373f1a05f2fcbfccc429035b0519a012d3224f725b82d6f253a98862b072d"
}
I have read entire REST API Handbook and many tuts:
When you log in to your dashboard, this sets up the cookies correctly
for you, so plugin and theme developers need only to have a logged-in user.
but I cannot get it to work. Am I missing something or it only works on admin dashboard?
Here is my source code:
// Localized data
/* <![CDATA[ */
var appData = {"routes":{"restUrl":"\/wp-json\/wp\/v2"}};
/* ]]> */
// Post model
App.Model.Post = Backbone.Model.extend({
urlRoot: appData.routes.restUrl + '/posts'
}
// Init
$(document).ready(function() {
var post = new App.Model.Post({
title: 'Posted via REST API',
content: 'Lorem Ipsum is simply dummy text of the printing and typesetting industry.',
});
var xhr = post.save(null, {
success: function(model, response, options) {
console.log(response);
},
error: function(model, response, options) {
console.log(response);
}
});
});
2 s
It looks like you’re missing the nonce part, as explained in the Authentication chapter, in the REST API Handbook:
Cookie authentication is the basic authentication method included with
WordPress. When you log in to your dashboard, this sets up the cookies
correctly for you, so plugin and theme developers need only to have a
logged-in user.However, the REST API includes a technique called nonces to avoid CSRF
issues. This prevents other sites from forcing you to perform actions
without explicitly intending to do so. This requires slightly special
handling for the API.For developers using the built-in Javascript API, this is handled
automatically for you. This is the recommended way to use the API for
plugins and themes. Custom data models can extend wp.api.models.Base
to ensure this is sent correctly for any custom requests.For developers making manual Ajax requests, the nonce will need to be
passed with each request. The API uses nonces with the action set to
wp_rest
. These can then be passed to the API via the_wpnonce
data
parameter (either POST data or in the query for GET requests), or via
theX-WP-Nonce
header.
Based on the Backbone JavaScript Client chapter, we can use the core wp-api
REST API Backbone client library.
Here’s your modified snippet in a /js/test.js
script file in the current theme directory:
wp.api.loadPromise.done( function() {
// Create a new post
var post = new wp.api.models.Post(
{
title: 'Posted via REST API',
content: 'Lorem Ipsum ... ',
status: 'draft', // 'draft' is default, 'publish' to publish it
}
);
var xhr = post.save( null, {
success: function(model, response, options) {
console.log(response);
},
error: function(model, response, options) {
console.log(response);
}
});
});
where we enqueue the wp-api client library and our test script with:
add_action( 'wp_enqueue_scripts', function()
{
wp_enqueue_script( 'wp-api' );
wp_enqueue_script( 'test_script', get_theme_file_uri( '/js/test.js' ), [ 'wp-api' ] );
} );
within functions.php
file in the current theme.
Note that this test script just creates a new post draft, during each page load on the front-end, for a logged in user with the capability to create new posts.