CORS & Remote access to WP via RestAPI



I have built an app which enables the manager of many WP sites to make RestAPI GET, POST, PUT DELETE requests which work perfectly when using them from this Apps, when the WP site are hosted on the same domain / subdomains.

I have added the below lines in the .htaccess of the 'remote WP' not hosted on the same domain, in order, I thought, to enable access to the site remotely:



CORS Headers
ifModule mod_headers.c
    Header always set Access-Control-Allow-Origin: "http://admin.soulabail.fr"
    Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE"
    Header always set Access-Control-Allow-Headers "X-Requested-With, content-type"
/ifModule
BEGIN WordPress
IfModule mod_rewrite.c
RewriteEngine On
RewriteBase /wordpress/
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /wordpress/index.php [L]
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
/IfModule





I am using Enrique Chavez's JWT -Authentication plugin, and it works great, and would not be in question, and added the CORS Section to the beginning of the htaccess file, to no avail....

Am I missing something ? Am I mistaken on the role and capabilities of CORS authorizations (...) w/ regards to accessing a remote DB (my primary request to the WP site is in fact a request to the remote DB not hosted on the same domain as the app , and fails with the below message:



SQLSTATE[HY000] [2002] php_network_getaddresses: getaddrinfo failed: Name or service not known

Which indicates a failure to access the remote database...Is this in any way related to any possible CORS bypass / is the htaccess config to "blame" ?



Many thanks for your help

Topic remote rest-api Wordpress

Category Web

About

Geeks Mental is a community that publishes articles and tutorials about Web, Android, Data Science, new techniques and Linux security.