You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Similar to how current floauth_filter_pre_get_posts works. defined( 'REST_REQUEST' ) can be used inside pre_get_posts to detect whether the query is a REST API request.
There are some difficulties though:
is_user_logged_in() does not work in pre_get_posts in REST requests as being logged in does not mean user is authenticated
is there a way to detect if it's an internal REST request? Implementing restriction for all REST requests would mean extranet pages wouldn't be shown f. ex. in block editor parent page selector
Might also consider simply emptying relevant fields (f. ex. content, excerpt) in the REST responses using rest_prepare_page filter instead of removing the pages from all results. But even this may have some undesired consequences and should be tested. This also does not empty any other fields (f. ex. plugin-specific fields) that might leak restricted content.
The text was updated successfully, but these errors were encountered:
Similar to how current
floauth_filter_pre_get_postsworks.defined( 'REST_REQUEST' )can be used insidepre_get_poststo detect whether the query is a REST API request.There are some difficulties though:
is_user_logged_in()does not work inpre_get_postsin REST requests as being logged in does not mean user is authenticatedMight also consider simply emptying relevant fields (f. ex.
content,excerpt) in the REST responses usingrest_prepare_pagefilter instead of removing the pages from all results. But even this may have some undesired consequences and should be tested. This also does not empty any other fields (f. ex. plugin-specific fields) that might leak restricted content.The text was updated successfully, but these errors were encountered: