• Hello all,

    I am trying to make a REST call (which requires authorization) to WordPress from an external site. I read the documentation and installed the required plugin for Basic Auth to work.

    When making a request through Postman it is working just fine. But when making the Ajax request (jQuery) from my external site it seems like the request is always trying to use the WordPress cookie instead of Basic Authentication or it is trying to make the request without any authorization at all. I am always getting a 401 error.

    I tried many ways to set the authorization information and none of them worked so far: beforeSend, headers field, … It just gets ignored, even putting invalid credentials doesn’t affect anything. Checking on the request in Chrome Dev Tools reveals that the Authorization Header is set in the request headers.

    What do I have to do to make a REST call (I am trying to add a comment to a post) from an external site? I am grateful for any insights!

    • This topic was modified 6 years, 6 months ago by dukan90.
Viewing 3 replies - 1 through 3 (of 3 total)
  • Moderator bcworkz

    (@bcworkz)

    You’re using the Basic-Auth plugin? Be advised that is not very secure. I suggest one of the other options.

    To use Ajax techniques with Basic-Auth, I would focus on authorizing by sending a proper “Authorization” header constructed like the WP_Http example in my first link. Except use jQuery/JavaScript code to do so. Base64 encode with btoa() (limited to 8 bit chars). Send headers with the beforeSend: .ajax() parameter. I believe this is done with xhr.setRequestHeader(), but we’re getting outside my area of expertise.
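
The header construction described in the reply above, as an added example that is not part of the original thread or of any WordPress code: it builds the `$.ajax()` settings for posting a comment, encoding the credentials so `btoa()` also accepts non-8-bit characters and setting the header in `beforeSend`. The function names, site URL and credentials are hypothetical; it assumes WordPress is installed at the domain root and that the server decodes the credentials as UTF-8.

```javascript
// Added example: builds jQuery.ajax() settings for a Basic-Auth REST call.
// All URLs, user names and passwords used with it are constructed samples.

// btoa() only accepts code points 0-255, so turn the text into UTF-8 bytes
// first (assumption: the server decodes the credentials as UTF-8).
function basicAuthHeader(user, password) {
  if (user.includes(':')) {
    throw new Error('user name must not contain ":" (RFC 7617)');
  }
  const bytes = new TextEncoder().encode(user + ':' + password);
  let binary = '';
  for (const b of bytes) binary += String.fromCharCode(b);
  return 'Basic ' + btoa(binary);
}

function commentRequestSettings(siteUrl, user, password, postId, content) {
  const base = new URL(siteUrl);
  // Basic credentials are only base64-encoded, not encrypted: require TLS.
  if (base.protocol !== 'https:') {
    throw new Error('refusing to send Basic credentials over ' + base.protocol);
  }
  const authorization = basicAuthHeader(user, password);
  return {
    // Assumption: WordPress lives at the domain root of siteUrl.
    url: new URL('/wp-json/wp/v2/comments', base).href,
    method: 'POST',
    contentType: 'application/json',
    data: JSON.stringify({ post: postId, content: content }),
    // Leave the browser's cookies out so the header is the only credential.
    xhrFields: { withCredentials: false },
    beforeSend: function (xhr) {
      xhr.setRequestHeader('Authorization', authorization);
    },
  };
}

// In the browser:
// $.ajax(commentRequestSettings('https://blog.example', 'editor', 'secret', 12, 'Hi'));
```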

    Thread Starter dukan90

    (@dukan90)

    That’s exactly what I have done: sending proper Authorization headers, with btoa() encoding, etc. I tried so many variants I found on the internet and nothing worked so far. Every time, the authorization header seems to get ignored and the authorization cookie of the currently logged-in user is used (when I am inside the WordPress context of course, otherwise 401 error).

    Regarding different authorization methods: I tried to use the OAuth approach but I am not sure if this method is the way to go for my use case: essentially I have a client side only application (HTML/JS) and I want to make authenticated requests to the WordPress API. How would I approach this in general?

    Moderator bcworkz

    (@bcworkz)

    What client specifically? Browser? I’d just stay with cookie authentication in that case, or make conventional Ajax requests. I’m not sure where OAuth would not be appropriate. Admittedly, it is tricky to set up. There are a couple of other options as well. Check the “other options” link in my last reply. JSON Web Tokens sounds perfect for a JS app, though I’ve no experience with it.

  • The topic ‘Ajax REST call is ignoring Basic Auth’ is closed to new replies.