As stated in the official docs, the JSON API CSRF protection only works from within Wordpress.
It is important to keep in mind that this authentication method relies on WordPress cookies. As a result this method is only applicable when the REST API is used inside of WordPress and the current user is logged in. In addition, the current user must have the appropriate capability to perform the action being performed.
Which means anytime I start a Vue development server to build my Vue app, the API will refuse my requests, as there's no WP environment that could provide me with a nonce that I could then pass to the API. Anybody found a workaround for that problem?
As stated in the official docs, the JSON API CSRF protection only works from within Wordpress.
It is important to keep in mind that this authentication method relies on WordPress cookies. As a result this method is only applicable when the REST API is used inside of WordPress and the current user is logged in. In addition, the current user must have the appropriate capability to perform the action being performed.
Which means anytime I start a Vue development server to build my Vue app, the API will refuse my requests, as there's no WP environment that could provide me with a nonce that I could then pass to the API. Anybody found a workaround for that problem?
Share Improve this question edited Sep 28, 2020 at 22:28 fuxia♦ 107k38 gold badges255 silver badges459 bronze badges asked Sep 28, 2020 at 13:04 HansHans 5612 silver badges8 bronze badges1 Answer
Reset to default 1For making authenticated API requests from a third party app, you'll need to install a plugin to give you different methods of authentication.
The most convenient but less secure is Basic Authentication: https://github/WP-API/Basic-Auth, it's appropriate for a local development environment.
This allows you to make authenticated requests by passing username and password in the body of the POST request.
I don't have an example in Vue, as I'm not familiar with its syntax.