Gatsby: [gatsby-source-wordpress] Fetch protected endpoints
Hi first of all thanks for GatsbyJS!
I'm looking into the auth option log into WordPress and query protected endpoints like /wp-json/wp/v2/users/me but I just can't wrap my head around it.
Unfortunately the comment is confusing: If auth.user and auth.pass are filled, then the source plugin will be allowed to access endpoints that are protected with .htaccess.
auth: {
htaccess_user: "",
htaccess_pass: "",
htaccess_sendImmediately: false,
},
Any help will be appreciated.
ivorpad
All 4 comments
What I Think I Know
Hi, @ivorpad. I'm going to make the assumption that you're not hosting on WPCOM, and that you don't have the Basic Auth Handler plugin installed on your WP instance. Once you install that and fill in your htaccess_user and htaccess_pass, you should be able to query the wordpress__acf_options and wordpress__wp_me source and transform nodes.
If you enable this plugin, you'll need to always provide the current authentication to your Gatsby config file, or else the gatsby-source-wordpress will generate no Gatsby nodes.
What I Don't Understand
The README on the Basic Auth Handler says
"Note that this plugin requires sending your username and password with every request, and should only be used for development and testing."
I'm not quite sure what they mean, because I'm still able to access unprotected wp-json endpoints just fine. Perhaps they are just warning that having to handle basic auth on every request would add CPU load to your WP instance's request processing. Whatever the case, I'd image that since we're only access the REST API when Gatsby builds, that point doesn't matter too much.
How I'm Using This
- I'm personally access my site only over https, so I'm comfortable sending that basic auth request in the header/URL (however
gatsby-source-wordpresshandles basic auth) - I'm using
dotenvto manage my credentials locally within Gatsby, callingrequire('dotenv').config()above mymodule.exportswithingatsby-config.js. I do that because mygatsby-config.jsis committed to GitHub, and I don't want those credentials in version control. I also ensure that.envis listen in my.gitignore. - Since I deploy on Netlify, I also put my environmental variables in Netlify
benforshey
on 30 Nov 2017
Thanks @benforshey, I will definitely try this.
ivorpad
on 1 Dec 2017
Hey, @ivorpad. How did this end up working for you?
benforshey
on 6 Dec 2017
Due to the high volume of issues, we're closing out older ones without recent activity. Please open a new issue if you need help!
KyleAMathews
on 8 Sep 2018
Related issues
3CordGuy
路
3Comments
jimfilippou
路
3Comments
KyleAMathews
路
3Comments
ghost
路
3Comments
brandonmp
路
3Comments
Most helpful comment
What I Think I Know
Hi, @ivorpad. I'm going to make the assumption that you're not hosting on WPCOM, and that you don't have the Basic Auth Handler plugin installed on your WP instance. Once you install that and fill in your
htaccess_userandhtaccess_pass, you should be able to query thewordpress__acf_optionsandwordpress__wp_mesource and transform nodes.If you enable this plugin, you'll need to always provide the current authentication to your Gatsby config file, or else the
gatsby-source-wordpresswill generate no Gatsby nodes.What I Don't Understand
The README on the Basic Auth Handler says
I'm not quite sure what they mean, because I'm still able to access unprotected
wp-jsonendpoints just fine. Perhaps they are just warning that having to handle basic auth on every request would add CPU load to your WP instance's request processing. Whatever the case, I'd image that since we're only access the REST API when Gatsby builds, that point doesn't matter too much.How I'm Using This
gatsby-source-wordpresshandles basic auth)dotenvto manage my credentials locally within Gatsby, callingrequire('dotenv').config()above mymodule.exportswithingatsby-config.js. I do that because mygatsby-config.jsis committed to GitHub, and I don't want those credentials in version control. I also ensure that.envis listen in my.gitignore.