REST API endpoint works with curl not with JavaScript

  • I have created a plugin that implements a REST API endpoint evaluates the trust.txt file (see: https://datatracker.ietf.org/doc/draft-org-trust-relationship-protocol/) for a given URL. The plugin works successfully using this curl command and returns the correct JSON content:

    curl -X POST https://journallist.net/wp-json/trust-txt/v1/validate -H “Content-Type: application/json” -d ‘{“url”: “https://www.brownwolfconsulting.com”}’

    However, when I invoke this endpoint using this JavaScript fetch call, I get a 405 error.

    const endpoint = 'https://your-wordpress-site.com/wp-json/trust-txt/v1/validate';
    const payload = {
    url: tabUrl // The URL to validate
    };
    const response = await fetch(endpoint, {
    method: 'POST',
    headers: {
    'Content-Type': 'application/json',
    'Sec-Fetch-Dest': 'script',
    'Sec-Fetch-Mode': 'no-cors',
    'Sec-Fetch-Site': 'cross-site'
    },
    body: JSON.stringify(payload)
    });

    Here are the request headers from this fetch:

    POST
    Scheme: https
    Host: your-wordpress-site.com
    Filename: /wp-json/trust-txt/v1/validate
    Accept: */*
    Accept-Encoding: gzip, deflate, br, zstd
    Accept-Language: en-US,en;q=0.5
    Alt-Used: your-wordpress-site.com
    Connection: keep-alive
    Content-Length: 46
    Content-Type: application/json
    DNT: 1
    Host: your-wordpress-site.com
    Origin: moz-extension://26a3f088-782a-4056-9a9d-fd7df06607cd
    Priority: u=4
    Sec-Fetch-Dest: empty
    Sec-Fetch-Mode: cors
    Sec-Fetch-Site: same-origin
    Sec-GPC: 1
    TE: trailers
    User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:133.0) Gecko/20100101 Firefox/133.0

    Here are the response headers from this fetch:

    Status: 405
    Version: HTTP/3
    Transferred: 131 B (18 B size)
    Referrer Policy: strict-origin-when-cross-origin
    DNS Resolution: System

    Here is the rest_api_init I have used for this plugin:

    add_action('rest_api_init', function () {
    // Set the Access-Control-Allow-Origin header for all REST API responses
    header("Access-Control-Allow-Origin: *");
    header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
    header("Access-Control-Allow-Headers: Content-Type, Authorization");
    // Respond to preflight requests
    if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {
    status_header(200);
    exit();
    }
    // Make sure site allows REST API access
    add_filter('rest_authentication_errors', function ($access) {
    return is_wp_error($access) ? $access : true;
    });
    });

    I would appreciate any suggestions on how to address this.

    • This topic was modified 3 months, 4 weeks ago by ralphbrown.
    • This topic was modified 3 months, 4 weeks ago by ralphbrown.
    • This topic was modified 3 months, 4 weeks ago by ralphbrown.

    The page I need help with: [log in to see the link]

Viewing 3 replies - 1 through 3 (of 3 total)
Viewing 3 replies - 1 through 3 (of 3 total)
  • You must be logged in to reply to this topic.