Replies: 1 comment
-
The short answer is no. This is due to WordPress using javascript to call rest endpoints. This means that there isn't really a way to tell if the call is actually external to WordPress or WordPress calling the endpoint from an user's browser. The solution would be to find a way to get WordPress to add the jwt to all its rest endpoint calls. See this discussion. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
is it possible to block external calls but not block local ones so that the work of plugins and themes using the endpoint is not broken
Beta Was this translation helpful? Give feedback.
All reactions