Only have access to method “GET” in WP REST API - others return 401

问题

I'm working with the Wordpress REST API and have the following issue:

When I try to make a "POST" or "DELETE" request I get a 401 error - even for the standard endpoints like "wp-json/wp/v2/posts".

Locally it works without any problems, but on my webserver it doesn't.

Here's the response from when I try to make a "POST" request to the server:

{
  "code": "rest_cannot_create",
  "message": "Sorry, you are not allowed to create new posts.",
  "data": {
      "status": 401
  }
}

... and the HEADERS:

Access-Control-Allow-Credentials →true
Access-Control-Allow-Headers →Authorization
Access-Control-Allow-Methods →POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin →
Access-Control-Expose-Headers →X-WP-Total, X-WP-TotalPages
Age →0
Allow →GET
Connection →keep-alive
Content-Length →111
Content-Type →application/json; charset=UTF-8
Date →Wed, 06 Apr 2016 13:59:45 GMT
Server →Apache
X-Content-Type-Options →nosniff

Here's the are the Headers for a "POST"-Request for "wp-json/wp/v2/posts" from my local server:

Access-Control-Allow-Credentials →true
Access-Control-Allow-Headers →Authorization
Access-Control-Allow-Methods →POST, GET, OPTIONS, PUT, DELETE
Access-Control-Allow-Origin →
Access-Control-Expose-Headers →X-WP-Total, X-WP-TotalPages
Allow →GET, POST
Cache-Control →no-cache, must-revalidate, max-age=0
Connection →keep-alive
Content-Type →application/json; charset=UTF-8
Date →Wed, 06 Apr 2016 13:57:19 GMT
Expires →Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified →
Location →http://seebook.dev/wp-json/wp/v2/posts/25
Pragma →no-cache
Server →nginx
Transfer-Encoding →chunked
X-Content-Type-Options →nosniff
X-Powered-By →PHP/5.5.9-1ubuntu4.14

As you can see, locally both "GET" and "POST" are allowed, on the server only "GET".

Do you have any idea, where the problem could be?

回答1:

I was able to fix this issue after hours of search!

The problem was that .htaccess was missing these mod_rewrite rules:

# BEGIN WP BASIC Auth
<IfModule mod_rewrite.c>
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
</IfModule>
# END WP BASIC Auth

Found the snippet here: https://stackoverflow.com/a/36499422/3754201

Cheers

来源：https://stackoverflow.com/questions/36453726/only-have-access-to-method-get-in-wp-rest-api-others-return-401