json/content-control/v2/blockTypes status 403

  • Resolved peter8nss

    (@peter8nss)


    1 year, 4 months ago

    When diagnosing a javascript error, not related to content control, I noticed that I am getting a status code 403 back from <server-name>/wp-json/content-control/v2/blockTypes when doing “Add new post” for anyone other than an administrator.

    It appears that a POST(!) of this REST request occurs when bringing up the “Add new post” page. That of course triggers the EDITABLE permission callback, which only returns true for administrators (or strictly speaking people with ‘manage_options’ or ‘actvate_plugins’ capabilities). Hence, the 403 for non-admins.

    I wouldn’t expect to be getting 403 errors during standard operations. This isn’t urgent, as it is not stopping my system working. However, it suggests to me that this bit of content control is not being called as expected.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Daniel Iser

    (@danieliser)

    @peter8nss – Great catch, I know exactly what is happening and how to address it.

    We scan every load of the block editor for unknown block types and save them via the Rest API.

    There is no built in method to get a full list of all block types since they can be registered various ways, including in JS after the editor is loaded conditionally based on post type etc.

    Our method scrapes them after they are registered and is the only reliable way to get that list, but it shouldn’t throw errors, should probably just not make the request in the first place.

    Thinking ahead I might look to make that scan something you turn on for 60 seconds or something explicit so that its not always running.

    Plugin Author Daniel Iser

    (@danieliser)

    @peter8nss – Patched for v2.1 which goes out sometime in the next week or so before Pro officially launches.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘json/content-control/v2/blockTypes status 403’ is closed to new replies.