But also, I had multiple scripts, and I just understood that the first parameter of wp_enqueue_script() isn't actually specific to plug-in but is specific to script ( maybe you should change 'my-plugin' in you answer because that's confusing. Restores a post to the specified revision. Checking Other User Attributes WordPress is a trademark of the WordPress Foundation, registered in the US and other countries. rev2023.3.3.43278. This seems to be related to the fact that documents are custom posts. Which use would you expect it to return when you call it from this other method? Resource: https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/. For remote authentication I'd recommend the JWT plugin for a quick start: Or you can use the ones suggested on the docs: If an API call comes in that does not have a nonce set, WordPress will de-authenticate the request, killing the current user and making the request unauthenticated. We return the roles in the same format as specified above (as an array). In 2018, the SAPPRFT was replaced by the National Film . I got your question and since yet, no one gave you the correct answer, i have what your are looking for. . Let WordPress do that for you. All you need to do is wp_set_current_user( {user_id} ) at the start of your API. wp-includes/rest-api/endpoints/class-wp-rest-application-passwords-controller.php, wp-includes/widgets/class-wp-widget-custom-html.php, wp-includes/rest-api/endpoints/class-wp-rest-users-controller.php, wp-includes/rest-api/endpoints/class-wp-rest-comments-controller.php, wp-includes/class-wp-customize-manager.php, You must log in to vote on the helpfulness of this note, WP_REST_Application_Passwords_Controller::get_user(), the_block_editor_meta_box_post_form_hidden_fields(), WP_REST_Users_Controller::get_current_item(), WP_REST_Comments_Controller::create_item(), WP_Screen::render_meta_boxes_preferences(), WP_Customize_Manager::register_controls(). The problem appears to be in how the current logged in user is established. I do not understand how 'MyPluginSettings' is passed to script. Learn more about Stack Overflow the company, and our products. vegan) just to try it, does this inconvenience the caterers and staff? Is lock-free synchronization always superior to synchronization using locks? Very similar to this question of a couple of hours ago: How can I get a list of latest posts outside of my WP install? @JessFranco you are right, for server side requests(my case), the token will be enough, for client side/manual ajax calls, you have to include the nonce to avoid CSRF, there is no need to include the token since you already have a logged in user and client side is cookie based. I think the problem also lies in the fact that cookies are tied to the $WP_relpath URI and cannot be sent by the browser. I was insterting my script in html