403 Forbidden status code. A 200 Okay is needed to proceed with the request. I expect this is something in the configuration of my WordPress site or, more likely, in the server on which it is hosted. I expect WordPress or the JWT Auth plugin should be handling this response properly, but that may not be. Full response and request headers are below.
I’ve been scouring the internet for fixes to this and haven’t been able to locate any good direction on how to proceed. Any assistance or thoughts will be appreciated. Thanks!
Note: I realize this endpoint doesn’t need authentication, but others I plan to hit will.
—–
General:
Request URL: https://[redacted].com/wp-json/wp/v2/posts
Request Method: OPTIONS
Status Code: 403 Forbidden
Remote Address: #.#.#.#:443
Referrer Policy: strict-origin-when-cross-origin
Response Headers:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type
Access-Control-Allow-Methods: OPTIONS, GET, POST, PUT, PATCH, DELETE
Access-Control-Allow-Origin: https://type.test
Access-Control-Expose-Headers: X-WP-Total, X-WP-TotalPages
Connection: Keep-Alive
Content-Length: 110
Content-Type: application/json; charset=UTF-8
Date: Fri, 12 Jul 2019 13:59:26 GMT
Keep-Alive: timeout=5, max=99
Link: <https://[redacted].com/wp-json/>; rel="https://api.w.org/"
Server: Apache/2.4.29 (Ubuntu)
Vary: Origin
X-Content-Type-Options: nosniff
X-Robots-Tag: noindex
Request Headers:
Provisional headers are shown
Access-Control-Request-Headers: authorization
Access-Control-Request-Method: GET
DNT: 1
Origin: https://type.test
Referer: https://type.test/
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.100 Safari/537.36
—–
Here’s the error I receive in my console:
OPTIONS https://[redacted]/wp-json/wp/v2/posts 403 (Forbidden)
Access to fetch at 'https://[redacted].com/wp-json/wp/v2/posts' from origin 'https://type.test' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
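Why the response quoted above is rejected even though every Access-Control-* header is correct: the browser also requires the preflight response to have a 2xx status. This is an added example, not part of the original post and not WordPress or JWT Auth plugin code; `checkPreflight` and its object shapes are hypothetical, and it is a simplified model of the Fetch standard's preflight check run over the headers from the post.

```javascript
// Added example: simplified model of the browser's CORS preflight check.
// Header values are copied from the request/response quoted in the post.
const SAFELISTED_METHODS = ['GET', 'HEAD', 'POST'];
const list = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

function checkPreflight(req, res, withCredentials = false) {
  const h = (name) => res.headers[name.toLowerCase()];
  // 1. CORS check: origin must match exactly ('*' only without credentials).
  const allowOrigin = h('Access-Control-Allow-Origin');
  const originOk = allowOrigin === req.origin || (!withCredentials && allowOrigin === '*');
  if (!originOk) return { ok: false, reason: 'origin not allowed' };
  if (withCredentials && h('Access-Control-Allow-Credentials') !== 'true') {
    return { ok: false, reason: 'credentials not allowed' };
  }
  // 2. Status must be 200-299; correct CORS headers do not rescue a 403.
  if (res.status < 200 || res.status > 299) {
    return { ok: false, reason: 'preflight status is not ok' };
  }
  // 3. Requested method must be safelisted or listed (case-sensitive).
  const methods = list(h('Access-Control-Allow-Methods'));
  const methodOk = SAFELISTED_METHODS.includes(req.method) ||
    methods.includes(req.method) || (!withCredentials && methods.includes('*'));
  if (!methodOk) return { ok: false, reason: 'method not allowed' };
  // 4. Each requested header must be listed (case-insensitive). '*' never
  //    covers Authorization; it has to be named explicitly.
  const allowed = list(h('Access-Control-Allow-Headers')).map((s) => s.toLowerCase());
  for (const name of req.headers.map((s) => s.toLowerCase())) {
    const wildcard = !withCredentials && allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !wildcard) {
      return { ok: false, reason: `header not allowed: ${name}` };
    }
  }
  return { ok: true, reason: 'preflight passed' };
}

// Constructed from the "General", request and response header dump in the post.
const request = { origin: 'https://type.test', method: 'GET', headers: ['authorization'] };
const quotedResponse = {
  status: 403,
  headers: {
    'access-control-allow-origin': 'https://type.test',
    'access-control-allow-credentials': 'true',
    'access-control-allow-methods': 'OPTIONS, GET, POST, PUT, PATCH, DELETE',
    'access-control-allow-headers': 'Authorization, Content-Type',
  },
};

console.log(checkPreflight(request, quotedResponse));                    // fails on status
console.log(checkPreflight(request, { ...quotedResponse, status: 200 })); // passes
```

The preflight itself carries no `Authorization` header, so any server-side layer that demands credentials on OPTIONS will produce exactly the 403 seen here.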
Don’t have an answer for you… just here to say that the WordPress StackOverflow site might be a good place for fairly advanced and developer-focused questions like this.
https://wordpress.stackexchange.com/
Good luck!
add_action( 'init', 'handle_preflight' );

// Send CORS headers for allow-listed origins and answer preflight requests early.
function handle_preflight() {
    $origin = get_http_origin();
    if ( $origin === 'https://localhost:8080' || $origin === 'https://yourapp.firebaseapp.com' ) {
        // You can set more specific domains if you need
        header( 'Access-Control-Allow-Origin: ' . $origin );
        header( 'Access-Control-Allow-Methods: POST, GET, OPTIONS, PUT, DELETE' );
        header( 'Access-Control-Allow-Credentials: true' );
        header( 'Access-Control-Allow-Headers: Authorization' );
        // A preflight needs only the headers above and an OK status, so stop here.
        if ( 'OPTIONS' === $_SERVER['REQUEST_METHOD'] ) {
            status_header( 200 );
            exit();
        }
    }
}
WordPress back end JWT authentication
Android or Apple App
I have an Endpoint POST
register_rest_route( $this->namespace, '/' . $base . '/crmvalidation', array(
    array(
        'methods'             => \WP_REST_Server::CREATABLE,
        'callback'            => array( $this, 'customer_validation' ),
        'permission_callback' => array( $this, 'current_user_is_online' ), // register_user_permissions_check
        'args'                => $this->get_endpoint_args_for_item_schema( true ),
    ),
) );
———–
The problem is that the first method to invoke is the OPTIONS, not the GET