Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[gatsby-source-wordpress] Fetch protected endpoints #3063

Closed
ivorpad opened this issue Nov 29, 2017 · 4 comments
Closed

[gatsby-source-wordpress] Fetch protected endpoints #3063

ivorpad opened this issue Nov 29, 2017 · 4 comments

Comments

@ivorpad
Copy link
Contributor

ivorpad commented Nov 29, 2017

Hi first of all thanks for GatsbyJS!

I'm looking into the auth option log into WordPress and query protected endpoints like /wp-json/wp/v2/users/me but I just can't wrap my head around it.

Unfortunately the comment is confusing: If auth.user and auth.pass are filled, then the source plugin will be allowed to access endpoints that are protected with .htaccess.

auth: {
 htaccess_user: "",
 htaccess_pass: "",
 htaccess_sendImmediately: false,
},

Any help will be appreciated.
@benforshey
Copy link
Contributor

What I Think I Know

Hi, @ivorpad. I'm going to make the assumption that you're not hosting on WPCOM, and that you don't have the Basic Auth Handler plugin installed on your WP instance. Once you install that and fill in your htaccess_user and htaccess_pass, you should be able to query the wordpress__acf_options and wordpress__wp_me source and transform nodes.

If you enable this plugin, you'll need to always provide the current authentication to your Gatsby config file, or else the gatsby-source-wordpress will generate no Gatsby nodes.

What I Don't Understand

The README on the Basic Auth Handler says

"Note that this plugin requires sending your username and password with every request, and should only be used for development and testing."

I'm not quite sure what they mean, because I'm still able to access unprotected wp-json endpoints just fine. Perhaps they are just warning that having to handle basic auth on every request would add CPU load to your WP instance's request processing. Whatever the case, I'd image that since we're only access the REST API when Gatsby builds, that point doesn't matter too much.

How I'm Using This

  • I'm personally access my site only over https, so I'm comfortable sending that basic auth request in the header/URL (however gatsby-source-wordpress handles basic auth)
  • I'm using dotenv to manage my credentials locally within Gatsby, calling require('dotenv').config() above my module.exports within gatsby-config.js. I do that because my gatsby-config.js is committed to GitHub, and I don't want those credentials in version control. I also ensure that .env is listen in my .gitignore.
  • Since I deploy on Netlify, I also put my environmental variables in Netlify

@ivorpad
Copy link
Contributor Author

ivorpad commented Dec 1, 2017

Thanks @benforshey, I will definitely try this.

@benforshey
Copy link
Contributor

Hey, @ivorpad. How did this end up working for you?

@mindofjonas mindofjonas mentioned this issue Mar 27, 2018
Closed
@KyleAMathews
Copy link
Contributor

Due to the high volume of issues, we're closing out older ones without recent activity. Please open a new issue if you need help!

This was referenced Sep 17, 2021
Open
Open
Open
@snyk-bot snyk-bot mentioned this issue Feb 19, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ivorpad @KyleAMathews @benforshey