Skip to content

Commit ed12a9e

Browse files
joehoyleclaude
andcommitted
Add missing permission_callback to REST route registrations
WordPress 5.5 requires permission_callback on all REST routes. Both public endpoints get __return_true since they handle their own authentication internally. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
1 parent 1d1e866 commit ed12a9e

2 files changed

Lines changed: 7 additions & 5 deletions

File tree

inc/endpoints/class-token.php

Lines changed: 4 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -20,9 +20,10 @@ public function register_routes() {
2020
'oauth2',
2121
'/access_token',
2222
[
23-
'methods' => 'POST',
24-
'callback' => [ $this, 'exchange_token' ],
25-
'args' => [
23+
'methods' => 'POST',
24+
'callback' => [ $this, 'exchange_token' ],
25+
'permission_callback' => '__return_true',
26+
'args' => [
2627
'grant_type' => [
2728
'required' => true,
2829
'type' => 'string',

inc/endpoints/namespace.php

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,9 @@ function register() {
2323
'oauth2',
2424
'/authorize',
2525
[
26-
'methods' => 'GET',
27-
'callback' => __NAMESPACE__ . '\\redirect_to_authorize',
26+
'methods' => 'GET',
27+
'callback' => __NAMESPACE__ . '\\redirect_to_authorize',
28+
'permission_callback' => '__return_true',
2829
]
2930
);
3031
}

0 commit comments

Comments
 (0)