Felix G.

Reputation: 6691

WordPress REST API custom post type DELETE access forbidden

I have the following problem in WordPress.

I created a new custom post type called "coursenote". I'm using the REST API for Ajax calls (using jQuery). Creating new posts and updating posts is working fine, but deleting doesn't work.

My custom post type definition:

register_post_type( 'coursenote',
    [
        'labels'       => [
            'name'          => __( 'User notes' ),
            'singular_name' => __( 'User note' ),
        ],
        'public'       => false,
        'show_in_menu' => true,
        'show_ui' => true,
        'show_in_rest' => true,
        'rest_base'    => 'usernote',
        'has_archive'  => false,
        'supports'     => array(
            'page-attributes',
            'title',
            'editor',
            'author',
        ),
    ]
);

The REST URL for the custom post type is "http://.../usernote". I can read, post and update, but I can't delete a post. Deleting should work via the DELETE method on http://.../usernote/[id]/ (see the WordPress documentation), but I get a 403 Forbidden message.

That's the jQuery Ajax code:

ajaxRequestUserNotes = jQuery.ajax({
    method: 'DELETE',
    url: "http://.../usernote/" + id + '?force=true',
    beforeSend: function (xhr) {
        xhr.setRequestHeader('X-WP-Nonce', nonce);
    },
    success: function (result) {
        console.log(result);
    }
});

As you can see, the authentication header is also set (like this it's working on new posts and updating posts).

What am I missing here?

Upvotes: 3

Views: 2067

Answers (1)

Felix G.

Reputation: 6691

I found the problem. It was a misconfigured Apache server.

The error.log showed the following error:

[authz_core:error] [pid 13102] [client ::1:44796] AH01630: client denied by server configuration:

So, I checked the server configuration and found the following block in the Apache config:

<Limit GET POST OPTIONS>
        Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
        Require all denied
</LimitExcept>

As you can see, "DELETE" is missing. You need to add it like this:

<Limit GET POST OPTIONS DELETE>
        Require all granted
</Limit>
<LimitExcept GET POST OPTIONS DELETE>
        Require all denied
</LimitExcept>

I hope this helps other people.

Upvotes: 1
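
An added example, not part of the original answer: a small checker that reads `<Limit>`/`<LimitExcept>` blocks like the two quoted above and reports, per HTTP method, whether the method allowlist grants or denies it. The function name `method_policy`, the `BEFORE`/`AFTER` samples and the "last matching block wins" simplification are assumptions of this example; it only understands `Require all granted|denied`.

```python
import re

# Constructed inputs: the two Apache blocks quoted in the answer above.
BEFORE = """
<Limit GET POST OPTIONS>
        Require all granted
</Limit>
<LimitExcept GET POST OPTIONS>
        Require all denied
</LimitExcept>
"""
AFTER = BEFORE.replace("GET POST OPTIONS", "GET POST OPTIONS DELETE")

BLOCK = re.compile(r"<(Limit|LimitExcept)\s+([^>]+)>(.*?)</\1>", re.S | re.I)
REQUIRE = re.compile(r"^\s*Require\s+all\s+(granted|denied)\s*$", re.M | re.I)


def method_policy(conf, methods):
    """Return {method: 'granted' | 'denied' | 'unrestricted'} for a config snippet.

    Simplifications (assumptions of this example): only `Require all ...` is
    understood, all blocks are in one context, and the last matching block wins.
    """
    policy = {m: "unrestricted" for m in methods}
    for kind, names, body in BLOCK.findall(conf):
        listed = set(names.split())          # method names are case-sensitive
        if "GET" in listed:
            listed.add("HEAD")               # Apache treats HEAD as GET here
        rule = REQUIRE.search(body)
        if not rule:
            continue
        for m in methods:
            in_list = m in listed
            applies = in_list if kind.lower() == "limit" else not in_list
            if applies:
                policy[m] = rule.group(1).lower()
    return policy


# Methods the WordPress REST API routes accept, plus HEAD.
REST_METHODS = ["GET", "HEAD", "POST", "PUT", "PATCH", "DELETE"]

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, method_policy(conf, REST_METHODS))
```

With the corrected block, PUT and PATCH still come back as denied, so a REST client that updates posts with those verbs instead of POST would get the same 403.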
