I had a wordpress wp-admin working on a unique area.
In different phrases WP_SITEURL = 'https//admin.instance.com'
and WP_HOME = 'https://www.instance.com'
Lately I had the unhealthy concept to up to date wordpress to the most recent model.
All appears work effective however after I spotted that was impossibile add a brand new put up or up to date an present one.
For instance after I added a brand new put up (/wp-admin/post-new.php) there have been few fetch requests from admin to www:
https://www.instance.com/wp-json/wp/v2/customers/me?_locale=person
https://www.instance.com/wp-json/wp/v2/customers/?who=authors&per_page=100&_locale=person
Each of them had the identical error:
Entry to fetch at
'https://www.instance.com/wp-json/wp/v2/customers/?who=authors&per_page=100&_locale=person'
from origin 'https://admin.instance.com' has been blocked by CORS
coverage: Request header subject x-wp-nonce will not be allowed by
Entry-Management-Permit-Headers in preflight response.
Trying round I came upon that might be simple add a brand new CORS directive, so promptly added this:
add_filter('rest_pre_serve_request', operate( $worth ) {
header( 'Entry-Management-Permit-Headers: X-WP-Nonce', false);
return $worth;
});
Satirically the consequence was even worst, now I’ve an infinite requests that fail with 403
https://www.instance.com/wp-json/wp/v2/customers/me?_locale=person
https://www.instance.com/wp-json/wp/v2/customers/me?_locale=person
https://www.instance.com/wp-json/wp/v2/customers/me?_locale=person
...
Now I am caught attempting to know what’s unsuitable, and if there’s any solution to resolve this problem.
Any assist to know what’s taking place is appreciated.