I realized the plugin doesn't support the refresh token which is important for renewing the token in the next requests. so the question is, do you have any plan to add the refresh token in your endpoints?

https://auth0.com/blog/refresh-tokens-what-are-they-and-when-to-use-them/

When i try to edit the saved page in the admin, it reports an error

request:

POST /wp-json/batch/v1?_locale=user HTTP/1.1
Host: ******.com
Connection: keep-alive
Content-Length: 330
sec-ch-ua: "Google Chrome";v="93", " Not;A Brand";v="99", "Chromium";v="93"
DNT: 1
sec-ch-ua-mobile: ?0
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/93.0.4577.82 Safari/537.36
Content-Type: application/json
Accept: application/json, */*;q=0.1
X-WP-Nonce: 0dbb6db3fa
sec-ch-ua-platform: "macOS"
Origin: https://******.com
Sec-Fetch-Site: same-origin
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://******.com/wp-admin/widgets.php
Accept-Encoding: gzip, deflate, br
Accept-Language: zh-CN,zh;q=0.9,en;q=0.8
Cookie: _ga=GA1.1.1406211796.1631495409; session_prefix=c446c69889d033af4e30307fffbf410b; __gads=ID=aabf2a2960bd4f18-22a58ecf9bcb006c:T=1631495410:RT=1631495410:S=ALNI_MbUylNOr3FHGSEUaOClC6ggaVMCYw; Hm_lvt_0632da004bdbc2cf30e83e362fbe3e19=1631261645,1632273780; wordpress_logged_in_684baaaad6781cc40e3eb2fe5df7a5c8=angrycat123%7C1633576138%7C21580mOAIXzlgdW5xmmFee1Wp2A1WQ3jzJfqLO9zpev%7C4a389108aadc4fcdcbe035631907c999d201da6e0cdb0321adae232de1d7e9e0; wp-settings-1=mfold%3Do%26libraryContent%3Dbrowse; wp-settings-time-1=1632366560; wpcom_panel_nav=0; _ga_ELRHFLW13Q=GS1.1.1632373877.12.1.1632378536.0; Hm_lpvt_0632da004bdbc2cf30e83e362fbe3e19=1632378536

response:

code: "jwt_auth_no_auth_header"
data: []
message: "Authorization header not found."
statusCode: 403
success: false

Hi, the HTTP_AUTHORIZATION header can conflict with page protection header parameter, like in WPEngine hosting, per example. This kind of page protection is usefull for sites under construction, staging and development environments with no external access.
Please, could you create a filter to change the header key used. Something like this:

$headerkey = apply_filters('jwt_auth_authorization_header', 'HTTP_AUTHORIZATION'); $auth = isset( $_SERVER[$headerkey] ) ? $_SERVER[$headerkey] : false;

Hey guys, great plugin. I'm having an issue where all the Woocommerce default endpoints that are whitelisted by default in your plugin are being blocked? We're on NGINX if that matters and still having the issue after disabling plugins. I tried manually adding them to the whitelist with my other custom URL's that do work and no luck. Have you come across this?

I'm getting the following error when I try to simple Publish something from wordpress.

TypeError: Cannot destructure property 'isEnabled' of 'Object(...)(...)' as it is undefined.
at _s (https://edit.choosemketech.org/wp-includes/js/dist/edit-post.min.js?ver=3656613c515e40e95a15114467097b39:49:116048)
at we (https://edit.choosemketech.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:84:293)
at zj (https://edit.choosemketech.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:226:496)
at Th (https://edit.choosemketech.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:152:223)
at tj (https://edit.choosemketech.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:152:152)
at Te (https://edit.choosemketech.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:146:151)
at https://edit.choosemketech.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:61:68
at unstable_runWithPriority (https://edit.choosemketech.org/wp-includes/js/dist/vendor/react.min.js?ver=16.13.1:25:260)
at Da (https://edit.choosemketech.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:60:280)
at Pg (https://edit.choosemketech.org/wp-includes/js/dist/vendor/react-dom.min.js?ver=16.13.1:61:14)

If a new registered user attempts to validate the token, it sends jwt_auth_obsolete_token only the first time and any subsequent login token validation works fine.

Hi,

there has a problem with your plugin and Elementor when i active JWT, i can’t preselect color from global in builder of Elementor.

Can you correct this ? or have you an idea to solve this problem ?

Cédric

Hi

i have created a single file plugin and named it as jwt-auth-routes and upload it into plugins directory of wordpress and finally activate the plugin through wordpress admin panel but my custom routes returns 403 with message "JWT is not configurated properly."

my plugin information:

plugin file name: jwt_auth_routes.php

code:

/**
* wordpress comments and plugin name & etc.
*/

defined( 'ABSPATH' ) || die( "Can't access directly" );

$routes = [
	'/wp-json/hm/v1/*'
];

add_filter( 'jwt_auth_whitelist', function ( $endpoints ) {
	
    return $routes;
	
});

BUT IT's NOT WORKING. the other routes such as /token and /token/validate are working and the generated token is valid.

please help me.

Current behavior :
When using a protected route, if no Authorization header is passed, we get a success response with code 200 with an error body :

{
	"success": false,
	"statusCode": 403,
	"code": "jwt_auth_no_auth_header",
	"message": "Authorization header not found.",
	"data": []
}

Expected behavior :
When using a protected route, if no Authorization header is passed, we should get an error with a 403 HTTP Status code.

Fix :
Use the second constructor argument when instanciating WP_REST_Response() in class-auth.php at line 293 to send an actual 403 Response.

if ( ! $auth ) {
	return new WP_REST_Response(
		array(
			'success'    => false,
			'statusCode' => 403,
			'code'       => 'jwt_auth_no_auth_header',
			'message'    => $this->messages['jwt_auth_no_auth_header'],
			'data'       => array(),
		),
		403 // add the actual status code here
	);
}

Hello,

Thanks for the plugin.
I am using the rest api in a mobile app and I want to generate a link to the website with the token as param and redirect the user to it.
I wonder how can I auto login in the website with the token, is there a hook to call and pass the token to it to connect the user automatically ?

Thanks

I have some troubles with 'jwt-auth' on my website using Theme X.

When I try to open the Theme X editor (/x/theme-options), it fails with the followings javascript errors :

In one picture :

Here is the text :

app.514eb0c.js:42 

Failed to inflate gzip data buffer error

app.514eb0c.js:42 

TypeError: Cannot read property 'groups' of undefined
    at app.514eb0c.js:42
    at r (lodash.min.js?ver=4.17.19:88)
    at db (app.514eb0c.js:42)

react-dom.min.js?ver=16.13.1:125 

TypeError: Cannot read property 'reduce' of undefined
    at app.514eb0c.js:42
    at r (lodash.min.js?ver=4.17.19:88)
    at app.514eb0c.js:42
    at r (lodash.min.js?ver=4.17.19:88)
    at app.514eb0c.js:42
    at r (lodash.min.js?ver=4.17.19:88)
    at Ia (app.514eb0c.js:42)
    at app.514eb0c.js:42
    at app.514eb0c.js:42
    at Object.useMemo (react-dom.min.js?ver=16.13.1:216)

app.514eb0c.js:42 

Uncaught (in promise) TypeError: Cannot read property 'reduce' of undefined
    at app.514eb0c.js:42
    at r (lodash.min.js?ver=4.17.19:88)
    at app.514eb0c.js:42
    at r (lodash.min.js?ver=4.17.19:88)
    at app.514eb0c.js:42
    at r (lodash.min.js?ver=4.17.19:88)
    at Ia (app.514eb0c.js:42)
    at app.514eb0c.js:42
    at app.514eb0c.js:42
    at Object.useMemo (react-dom.min.js?ver=16.13.1:216)

I seems that is a mess in the javascript resources ! I desactivated all others plugins on my website and only 'jwt-auth' is causing this issue.

app.514eb0c.js is a static file from Cornerstone, a plugin used by Theme X to edit pages. The location is : /www/wp-content/plugins/cornerstone/assets/dist/js

Is anything the plugin trying to minify or uglify ? Is there a dependencies conflict (lodash ? react ?) ?
I looked at the plugin's code but I'm not really good in PHP ^^

Any idea ?

Thanks !

I am trying to configure JWT Authentication for WordPress REST API. But the problem is there is no direct config available for enabling the HTTP Authorization Header. Nginx doesn't have a .htaccess file, so I can't add the rewrite rules.

Here are the rules for apache based server:

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

I believe it's not going to work with Nginx. What is the solution available for the Nginx side?

Hi,

I installed the plugin on a new clean Wordpress on localhost environment.
I am trying to create a login via local React app and get CORS errors.
I understand the reason but do you know how can I get through it?

htaccess

wp-config

wp-admin

react call

error

request

Thanks,
Daniel

The composer.lock file should also be committed though; otherwise every new invocation of composer install will install a different version of the JWT library.

Originally posted by @sun in #33 (comment)

Hi

I am probably missing something obvious by how to I get the user data of an authenticated user in a custom endpoint?

function get_user_data( $response ) {

	// HOW DO I OUTPUT USER DATA HERE?
	error_log(print_r($response, true));
 
  	return 'User';
}


add_action( 'rest_api_init', function () {
  register_rest_route( 'access/v1', '/content/(?P<id>\d+)', array(
    'methods' => 'GET',
    'callback' => 'get_user_data',
    'args' => array(
      'id' => array(
        'validate_callback' => function($param, $request, $key) {
          return is_numeric( $param );
        }
      ),
    ),
  ) );
} );

It is validating successful and I am getting the response but I am not sure how to parse the token to get the user data?

I know with another plugin you do this.

$user = JWTAuth::parseToken()->authenticate()

Thanks

Hi @contactjavas

With my team, we found out where the problem (https://wordpress.org/support/topic/whitelisting-token-generation-endpoint/) came from. It is due to our custom installation with WordPress in a sub-directory (https://wordpress.org/support/article/giving-wordpress-its-own-directory/).

To make it work in this case too,

if ( home_url('/' . $this->rest_api_slug,'relative') . '/jwt-auth/v1/token' !== $request_uri ) {

The package on packagist (link) uses ogabrielaraujo instead of usefulteam, which results in a 404 when downloading the package via composer.

This plugin breaks Rankmath SEO plugin.

Makes you unable to set focus keywords or update snippet settings on a per post basis.

Any possible fixes?

Discovered during #33

Problem

• When sending REST parameters as a JSON object together with a Content-Type: json instead of multipart/form-data, then the device parameter is not handled; i.e., the device is not registered and does not appear in the user account.

Cause

• The code directly accesses $_POST['device'] instead of retrieving the request parameter from WP_REST_Request.

Since latest version 5.5 I am now getting error:

{"type":1024,"message":"register_rest_route was called <strong>incorrectly&lt;\/strong&gt;. The REST API route definition for <code>jwt-auth\/v1\/token&lt;\/code&gt; is missing the required <code>permission_callback&lt;\/code&gt; argument. For REST API routes that are intended to be public, use <code>__return_true&lt;\/code&gt; as the permission callback. Please see <a href="https:\/\/wordpress.org\/support\/article\/debugging-in-wordpress\/">Debugging in WordPress&lt;\/a&gt; for more information. (This message was added in version 5.5.0.)","file":"\/Users\/me\/Projects\/project\/wp-includes\/functions.php","line":5225}

Hi,

It's possible to whitelist route and method http ?

for example :

GET /users => No whitelist
POST /users => Whitelist

if this is not possible, is it possible to consider implementing this feature?

Thx,
Cédric

Hi Guys, is it a good idea to have a UI in the admin area to allow people to whitelist some endpoints / maybe modify the default whitelisted endpoints?

Sure, we have some filters. But seems like it's quite often people come with issues like "x or y or z" plugins don't work (due to blocked request).
And then we suggest using a filter to solve that, and then they ask where to put the codes.

Not sure if an options page in the admin area is necessary, but what do you think?

Not sure why this is happening as there is no additional error.

I am trying to set up JWT Auth on a local docker container and I cannot seem to activate the plugin. I get the following error message:

I am able to install and activate other plugins so I wondering what the reason is. I am using WP 5.5.1

Any help is appreciated.

Hello,

Since the update I have problems with the validation of the JWT token.

In class-auth.php when apply filter "jwt_auth_extra_token_check" in line 391, i have a payload with
object(stdClass)#897 (1) { [ "user" ]=> object(stdClass)#896 (1) { [ "id" ]=> int(35) } }

And so, i don't have "$payload->data->user->pass" in file "class-devices.php" line 99.

do you have any advice to solve my problem?

When submitting a contact form I get an error in the console
when I deactivate the plugin it starts working again I tried uninstalling and reinstalling the actual plugin functionality is working fine I am able to login using the API has anyone else had the same problem?
I have left the Plugin activated if you need more info on the error just submit the form at the bottom of the home page https://chocolatebash.com/careers/

Uncaught TypeError: Cannot read property ‘replace’ of undefined

Follow-up on #1 (comment)

Goal

• Add an option or constant to emit the refresh token in the response body instead of a cookie.

Details

• For security reasons with regard to web/browser clients, #33 implemented the refresh token only as a cookie.
• In cases where no web (browser) apps are involved (e.g. only native apps), it would be secure to emit the refresh token as part of the token response body.

Notes

• I have no use-case for this myself, so I will probably not implement it myself. PRs are welcome though.

Every response, even with an error it uses the status code 200, which is incorrect by rest standards.

Should return the correct status code on errors.

Trying to use wp_verify_nonce in jwt_auth_whitelist filter results in infinite loop in function calls. The plugin adds determine_current_user filter, and wp_verify_nonce also uses this.

PHP Fatal error:  Uncaught Error: Maximum function nesting level of '256' reached, aborting! in /Project/wp-includes/class-wp-hook.php:287
Stack trace:
#0 /Project/wp-includes/class-wp-hook.php(287): array_keys(Array)
#1 /Project/wp-includes/plugin.php(189): WP_Hook->apply_filters('user', Array)
#2 /Project/wp-includes/formatting.php(2124): apply_filters('sanitize_user', 'user', 'user', false)
#3 /Project/wp-includes/class-wp-user.php(231): sanitize_user('user')
#4 /Project/wp-includes/pluggable.php(105): WP_User::get_data_by('login', 'user')
#5 /Project/wp-includes/pluggable.php(707): get_user_by('login', 'user')
#6 /Project/wp-includes/class-wp-hook.php(303): wp_validate_auth_cookie(false)
#7 /Project/wp in /Project/wp-includes/class-wp-hook.php on line 287

Hi,

is there any endpoint or a function that I can call and invalidate the token ? let's say the logout function for Example.

When enabled, I see if the request header come with Basic Authorization (WC using it), the plugin throw an error jwt_auth_bad_auth_header. Could we make it no error so that other plugins can work with other authentications?

Throwing jwt_auth_no_auth_header in this case is a good idea?

Hi, there's a pass key which is sent in /validate response. Is this the user's password? Shouldn't it be removed?

On Wordpress site with NewspaperX theme.

Description:
Not able to update the inline content ad or add a new element to the page with TagDiv editor while this plugin is active.
Checking chrome console provides with this info

code: "jwt_auth_no_auth_header"
data: []
message: "Authorization header not found."
statusCode: 403
success: false

TagDiv editor is opened only after logging in at example.com/wp-admin/ by manually entering username and password.

Expected behaviour:
Jwt request should not be send as user is already authenticated and logged in.

Possible solutions:

• Only check for authorization header for requests to rest api endpoints.
• Add some sort of filter to filter out requests send from site itself, like the case here.

If there is already a fix for this, please do let me know!

Edit: Using version 2.1 installed from Wordpress admin
After adding
RewriteEngine on RewriteCond %{HTTP:Authorization} ^(.*) RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
I manage to have
isset($headers['Authorization']) = 1 var_dump($headers['Authorization']) = string(0) "" isset($_SERVER['HTTP_AUTHORIZATION']) = 1
but nothing for
isset($_SERVER['REDIRECT_HTTP_AUTHORIZATION']) =

1. I can create a token
2. I can validate it with axios
3. I have a 403 'jwt_auth_bad_config' when I try to GET a custom api with the token and axios

Edit2: I tried the github version 3.0 and still same problem. Cookie refresh returns 'JWT is not configured properly.'
Edit3: It's weird, it seems it can read JWT_AUTH_SECRET_KEY on the first 2 steps (I was able to send it in json response to test) but on line 392 of class-auth.php it's empty...

Probably a question for @contactjavas, but just noting your recent comments that you haven't much time for this repo at present, I may be interested in becoming more active and I'm a heavy user of this plugin, but wanted to know who manages it on WordPress.org?

I seem to remember a while ago there was a Discord or Slack for this as well? Or am I making that up?

Hello,

We're using this plugin (v1.2.6), and it mentions in the documentation of adding a whitelist filter:

add_filter( 'jwt_auth_whitelist', function ( $endpoints ) { return array(...); });

However, I've implemented this, and after looking into why it wasn't working, it seems that this filter isn't called anywhere whatsoever in the plugin code, nor is the word 'whitelist' mentioned anywhere in the code. So is this not implemented within the plugin at all, or are we to use it differently or manually ourselves?

I tried moving the filter definition around to the beginning of the initialization code, as the documentation suggests, but it still doesn't seem to do anything.

I had to implemented my own whitelisting logic in the class-jwt-auth-public.php determine_current_user function.

I thought that if you create a new token then a previously generated token would no longer work?

wp-json/jwt-auth/v1/token -> old token

wp-json/wp/v2/users/me bearer: old token -> "200 ok"

wp-json/jwt-auth/v1/token -> new token

wp-json/wp/v2/users/me bearer: new token -> "200 ok"

wp-json/wp/v2/users/me bearer: old token -> "200 ok"

Is this intensional?
I'm using Postman to test this, though I assume that is not relevant.
jwt-auth Version: 2.1.0

Hi!

This might be not important. But seems like WPCS is getting older.
Do you think it is necessary to re-consider to switch from WPCS?

The alternatives might be:

• Automattic/phpcs-neutron-standard
• inpsyde/php-coding-standards

Thanks :)

Not sure if I am doing something wrong here but I can't get the whitelist function to work. I have tried it in functions.php and in a plugin but I still get a 403 error.

Basic example:

add_filter( 'jwt_auth_whitelist', function ( $endpoints ) {
	return array(
		'/wp-json/custom/v1/*',
	);
} );


function hello_world( $data ) {
	return 'Hello World';
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'custom/v1', 'test', array(
		'methods'  => 'GET',
		'callback' => 'hello_world',
	) );
} );

Something broke with jwt-auth.

When I do POST https://{{host}}/wp-json/jwt-auth/v1/token with username, password or even blank credentials it takes around 1 minute and I get a 504 Gateway Time-out response back.

There are no logs or anything.

Wordpress 5.7.2
PHP 7.4

I followed your documentation and I can generate the token. But the generated token is not working 😥

I got a response like this when I tried to use generated token.

{
    "success": false,
    "statusCode": 403,
    "code": "jwt_auth_bad_auth_header",
    "message": "Authorization header malformed.",
    "data": []
}

This plugin: https://wordpress.org/plugins/jwt-auth
The other plugin: https://wordpress.org/plugins/jwt-authentication-for-wp-rest-api

Expected Behaviour

A new post in Gutenberg should be created as it does without the plugin being activated.

Actual Behaviour

When clicking on "Publish" in Gutenberg, the post says that it has been published but it has not as it does not appear in the database nor on the posts listing page in the dashboard.

This happens even if I whitelist this URL: /wp-json/wp/v2/posts

Steps to Reproduce the Problem

1. Install and activate the plugin.
2. Attempt to publish a new post in Gutenberg.
3. See that the post is not asserted in the database or the posts listing page.

Additional Information

When activating the plugin, all REST API endpoints are protected even if they are public by default, such as this URL: /wp-json/wp/v2/posts, would it be possible to add configuration so that only routes that need authentication require it by JWT?

Hi I have WordPress website which is running on Nginx server on AWS.
I'm not sure how to configure JWT auth correctly.
I receive error "jwt_auth_no_auth_header"
Thanks!

First of all, thank you for developing this plugin! It's really great.
I'm using it to authenticate users from a React Native app.

I'm creating my own API route for that, where I directly call the generate_token() method on the JWTAuth\Auth class, like so:

public function process() {
	$login    = sanitize_text_field( $this->get_param( 'login' ) );
	$password = sanitize_text_field( $this->get_param( 'password' ) );
	$user     = wp_authenticate( $login, $password );

	if ( is_wp_error( $user ) ) {
		return $user;
	}

	$auth    = ( new \JWTAuth\Auth() )->generate_token( $user, false );
	$payload = apply_filters( 'project/ajax/user-login/payload', $auth['data'], $user );

	return [
		'success' => true,
		'auth'    => $payload,
	];
}

So far so good, but I'm wondering if it would be safer and more practical for everybody if we had access to a basic function to generate the token, instead of instantiating the class and calling the right method.
Maybe something like jwtauth_generate_token( $user, false ).

That way, it's update-proof: if something changes (class name, method, parameters), we make sure to reflect these changes in the publicly available function, so we ensure long-term compat.

What do you think?

I can take care of creating such a function and add a PR if necessary.

Hello @contactjavas,

We created a custom plugin for the whitelist filters like so:

<?php

if (!defined('WPINC')) {    die;    }
if ( ! defined( 'ABSPATH' ) ) die( 'restricted access' );

class CustomPlugin {

    public function __construct(){
        add_filter('jwt_auth_whitelist', function ( $endpoints ) {
            array_push($endpoints,'/wp-json/dummy/*');
            array_push($endpoints,'/wc-admin/*');
            array_push($endpoints,'/wc/*');
            array_push($endpoints,'/wc-auth/*');
            array_push($endpoints,'/wc-analytics/*');
            array_push($endpoints,'/wp-json/wc-admin/*');
            array_push($endpoints,'/wp-json/wc/*');
            array_push($endpoints,'/wp-json/wc-auth/*');
            array_push($endpoints,'/wp-json/wc-analytics/*');
            return $endpoints;
        });
    }
}

//======================================================
new CustomPlugin();

We were able to resolve this warning in the other areas:

[20-Apr-2021 08:46:03 UTC] PHP Warning:  Illegal string offset 'slug' in /home/dummyuser/repos/dummyproject/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php on line 149
[20-Apr-2021 08:46:03 UTC] PHP Warning:  Illegal string offset 'slug' in /home/dummyuser/repos/dummyproject/wp-content/plugins/woocommerce/packages/woocommerce-admin/src/API/Reports/PerformanceIndicators/Controller.php on line 149

The only remaining case that it appears is when we access /wp-admin, could you provide us some insight about this?

Hi,

I ran into a problem in Gutenberg editor where Oembed blocks like youtube, instagram & others does not show any prelive in gutenberg.

after some investigation I saw the response is jwt_auth_no_auth_header.

so I think '/wp-json/oembed/* should be added to jwt_auth_default_whitelist as it used internally by WP.

I came across some issues adding some patterns to the jwt_auth_whitelist to whitelist them from auth and when I looked at the plugin code I found a TODO for this very point in JWTAuth::is_whitelisted()

I'm trying to whitelist something with the following pattern:

• /wp-json/bdvs/v1/services/(?P\d+)/action

If I add a check that looks something like this I get what I need:

$regex = '/' . str_replace( '/' , '\/' , $endpoint ) . '/'; if( preg_match( $regex , $request_uri )) { return true; }

I need to use this because I only want to whitelist this route if it has /action on the end of it.

What do you think about adding this in there?

When the site is installed in folder, $_SERVER['REQUEST_URI'] comes with the folder name in path. The plugin must use only the rest base to compare. So, to avoid this problem you can add this code to define the $resquest_uri in is_whitelisted() function:

$prefix = rest_get_url_prefix();
$split = explode( $prefix, $_SERVER['REQUEST_URI'] );
$request_uri = '/'.$prefix.'/'. ( (count($split)>1)?$split[1] : $split[0] );

Hello, my problem is !
If active plugin then error Cannot read properties of undefined (reading '0') only widget !!!

Can i help me ?

Hi, i am currently using your plugin and it works fine. Now we are using a library plugin to manage images better. But after we enable it, we get an error:

{ "success": false, "statusCode": 403, "code": "jwt_auth_no_auth_header", "message": "Authorization header not found.", "data": [] }

Plugin installed: https://de.wordpress.org/plugins/filebird/

When disabling it, everything works fine again. Any ideas?