Calendar AJAX requests with wp-admin cookie security


Viewing 5 posts - 1 through 5 (of 5 total)
  • #1167041
    Matt Fields
    Guest

    There is a recommended practice to secure the wp-admin area of a WordPress site by having requests to /wp-admin/* redirect to the index page if the request does not have a valid WordPress authentication cookie.

    Because the AJAX request for viewing the next month of events on the calendar uses the wp-admin/admin-ajax.php file to retrieve data, if you have this security feature enabled you get a spinning wheel instead of the next month of calendar events.

    Is there a workaround for this such that requesting the events for a month doesn’t use the admin-ajax.php functionality, and can instead use something from outside the wp-admin directory? If there does not currently exist a workaround for this, can this be added as a feature in a future release? It renders that functionality of the plugin useless as long as we have the additional security in place, and we are not in a position to disable that at this time.

    Thanks!

    #1169349
    George
    Participant

    Hey Matt,

    Thanks for reaching out.

    There is unfortunately no workaround for this at this time. 🙁 It’s a totally reasonable thing for us to try and provide some better support for, though, and I brought this issue to our developers and they agreed that we should think a bit more about how we can help folks in this situation. At some point there will be full REST API support, which should be great, but until then…there’s nothing as of now. 🙁

    It may be possible to also add exceptions for Tribe AJAX requests, based on a regex test of the “action” field when it is set.

    ☝️ Doing this would take some tinkering on the level of custom coding on your site, so it’s outside the scope of support we can provide unfortunately, but should be possible…

    Cheers, and sorry to bear the bad news here!
    George
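
The exception George describes, keyed on the "action" field, sketched as an added example (not code from this thread, The Events Calendar or WordPress core). The helper name, the `tribe_` action prefix, the web-root install path and the sample requests are assumptions.

```php
<?php
// Added example; not code from The Events Calendar or from WordPress core.
// ASSUMPTION: the calendar's AJAX actions start with "tribe_". Replace the
// pattern with the exact action names your calendar pages send.
const TRIBE_ACTION_PATTERN = '/\Atribe_[a-z0-9_]{1,64}\z/';

// ASSUMPTION: WordPress is installed at the web root.
const ADMIN_AJAX_PATH = '/wp-admin/admin-ajax.php';

/**
 * Return true only when a cookie-less request may skip the wp-admin redirect.
 * Hypothetical helper: the site's existing gate would call it before redirecting.
 */
function is_tribe_ajax_exception(string $requestUri, array $get, array $post): bool
{
    // Exact path match, so no other file under /wp-admin/ is opened up.
    if (parse_url($requestUri, PHP_URL_PATH) !== ADMIN_AJAX_PATH) {
        return false;
    }
    // WordPress dispatches on $_REQUEST['action'], where a POST value
    // overrides a GET value, so test the value that will actually be used.
    $action = $post['action'] ?? $get['action'] ?? null;
    // Arrays (action[]=x) and other non-strings fail closed.
    if (!is_string($action)) {
        return false;
    }
    // Anchored match: the whole value must fit the pattern, not a substring.
    return preg_match(TRIBE_ACTION_PATTERN, $action) === 1;
}

// Constructed sample requests: [URI, $_GET, $_POST, expected result].
$name = 'tribe_example_month'; // constructed action name, not a real one
$samples = [
    ['/wp-admin/admin-ajax.php', [], ['action' => $name], true],
    ["/wp-admin/admin-ajax.php?action=$name", ['action' => $name], [], true],
    ["/wp-admin/admin-ajax.php?action=$name", ['action' => $name], ['action' => 'heartbeat'], false],
    ["/wp-admin/options.php?action=$name", ['action' => $name], [], false],
    ['/wp-admin/admin-ajax.php', ['action' => [$name]], [], false],
    ['/wp-admin/admin-ajax.php', ['action' => "x_$name"], [], false],
];
foreach ($samples as [$uri, $get, $post, $expected]) {
    $actual = is_tribe_ajax_exception($uri, $get, $post);
    printf("%-50s %s\n", $uri, $actual === $expected ? 'ok' : 'MISMATCH');
}
```

Requests that pass this check still reach WordPress without a login, where only handlers registered on `wp_ajax_nopriv_` hooks run for them.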

    #1169494
    Matt Fields
    Guest

    Thanks for the info! I’ll look forward to the REST API support. In the meantime I’ve found a workaround by means of JavaScript tomfoolery to disable the AJAX and fall back to the hard links.

    #1169544
    George
    Participant

    JavaScript tomfoolery? Awesome. 😉

    Sorry we weren’t able to provide a robust solution here yet—I’m glad you’ve got a workaround in place, and encourage you to stay tuned to our plugin updates to stay abreast of news regarding the REST API integration.

    It won’t be coming for at least several months, to be honest, but it is something we are taking seriously and already spending time thinking about.

    Cheers Matt, best of luck with your projects in the meantime—open a new thread here any time if other issues or questions arise.

    — George

    #1354445
    Courtney
    Member

    Just posting a quick update that we’ve just launched The Events Calendar – Full REST Support. You can read the release notes at https://theeventscalendar.com/release-events-calendar-full-rest-support/.

    We also published a helpful guide: Introduction to The Events Calendar REST API https://theeventscalendar.com/knowledgebase/introduction-events-calendar-rest-api/ .

    We’re excited to provide this functionality for you.

    Thanks
    Courtney 🙂

  • The topic ‘Calendar AJAX requests with wp-admin cookie security’ is closed to new replies.