permission_callback has no effect

Question

WP version is 5.5.3

I have 3 API routes set in a plugin that is used in an admin dashboard page. One route is meant to be used "publicly".

I have two very curious issues happening:

  1. My 3 admin-centric routes do not specify permission_callback. I should be getting notices but I do not when the docs and WP core functions say it will throw a doing_it_wrong error.
  2. My 4th public route does have 'permission_callback' => '__return_true' set. I receive a rest_not_logged_in error code.
class My_Plugin
{
    public function __construct()
    {
        add_action( 'rest_api_init', [ &$this, 'register_routes' ] );
    }
    
    public function register_routes(): void
    {
        register_rest_route('my-api-route', '/uri', [
            'methods' => WP_REST_Server::READABLE,
            'callback' => [&$this, 'api_get_available_stuff'],
        ]);

        register_rest_route('my-api-route', "/uri/(?P<param>[a-zA-Z0-9-]+)", [
            'methods' => WP_REST_Server::READABLE,
            'callback' => [&$this, 'api_get_specific_stuff'],
        ]);

        register_rest_route('my-api-route', "/uri/(?P<param>[0-9-]+)", [
            'methods' => WP_REST_Server::EDITABLE,
            'callback' => [&$this, 'api_update_specific_stuff'],
        ]);

        register_rest_route('my-api-route', "/uri/(?P<param>[a-zA-Z0-9-]+)/load-more", [
            'methods' => WP_REST_Server::READABLE,
            'callback' => [&$this, 'api_load_more_stuff'],
            'permission_callback' => '__return_true',
        ]);
    }
}
// header approach
$.ajax({
  url: '/wp-json/my-api-route/uri/param/load-more',
  method: 'GET',
  headers: {
    'X-WP-Nonce': '<?php echo wp_create_nonce('wp_rest'); ?>'
  },
  data: {
    'max_items': 5,
    'offset': 5 * current_count,
  },
})

// _wpnonce approach
$.ajax({
  url: '/wp-json/my-api-route/uri/param/load-more',
  method: 'GET',
  data: {
    '_wpnonce': '<?php echo wp_create_nonce('wp_rest'); ?>',
    'max_items': 5,
    'offset': 5 * current_count,
  },
})

My only conclusion could be that, despite seeing "Version 5.5.3" in the bottom corner of WP Admin, I might not actually be on 5.5.3.

0
James Wagoner 2 months 0 Answers 6 views 0

Leave an answer