As stated in the official docs, the JSON API CSRF protection only works from within WordPress.
It is important to keep in mind that this authentication method relies on WordPress cookies. As a result this method is only applicable when the REST API is used inside of WordPress and the current user is logged in. In addition, the current user must have the appropriate capability to perform the action being performed.
Which means anytime I start a Vue development server to build my Vue app, the API will refuse my requests, as there’s no WP environment that could provide me with a nonce that I could then pass to the API. Anybody found a workaround for that problem?
Answers:
Thank you for visiting the Q&A section on Magenaut. Please note that all the answers may not help you solve the issue immediately. So please treat them as advisements. If you found the post helpful (or not), leave a comment & I’ll get back to you as soon as possible.
Method 1
For making authenticated API requests from a third party app, you’ll need to install a plugin to give you different methods of authentication.
The most convenient but less secure is Basic Authentication: https://github.com/WP-API/Basic-Auth, it’s appropriate for a local development environment.
This allows you to make authenticated requests by passing username and password in the body of the POST request.
I don’t have an example in Vue, as I’m not familiar with its syntax.
All methods was sourced from stackoverflow.com or stackexchange.com, is licensed under cc by-sa 2.5, cc by-sa 3.0 and cc by-sa 4.0