Theme Co - error with REST/API (Permissions application level) - We are getting the error: {"code":"rest_forbidden","message":"Sorry, you are not allowed to do that.","data":{"status":401}}

ictmanager_rghs · July 21, 2022, 8:17am

I refer to the case: https://theme.co/forum/t/content-editing-in-cornerstone-not-loading/99056
The problem is still not resolved for us, I have access to the hosting server, however I have been unable to enable REST API. We were asked “Please contact your Hosting Service provider to allow REST actions to avoid the issue. {“code”:“rest_forbidden”,“message”:“Sorry, you are not allowed to do that.”,“data”:{“status”:401}}”

Please can you give me instructions in order to fix this error as I am unsure as to how to fix it.

tristup · July 21, 2022, 10:58am

Hi Francis,

Thanks for reaching out.
It seems that there is some security setting on this specific site. Please contact your Hosting Service provider to allow REST actions to avoid the issue.

Thanks

ictmanager_rghs · July 21, 2022, 11:36am

Hi Tristup, I have access to the WHM server, do you know which security setting that I need to change in order to allow REST actions? I have allowed for http authentication, but I don’t know what else to do…

marc_a · July 21, 2022, 1:33pm

Hey Francis,

I suspect that the WordPress REST API is disabled, please enable it. It would also be best to reach out your hosting provider and ask them to enable or allow the REST API.

Hope that helps.

ictmanager_rghs · July 22, 2022, 7:48am

Hi Marc,

I am sorry, you are not being very helpful at all.
What are you talking about when you say enable the WordPress REST API? The API is working as I can send a GET request to the website using postman.

Cornerstone was working perfectly in May and then all of a sudden it stopped working. Is there some sort of authentication plugin that I am supposed to install so that cornerstone can access the API?

tristup · July 22, 2022, 8:53am

Hi Francis,

If that was working before with the updated version of Theme and now you are getting the problem, I assume there might be the problem with the server configuration or any authentication at your server end which blocks the Cornerstone endpoints only. I would suggest you check if the mod_security is enabled in your site, and that causes the issue in calling the Cornerstone endpoints. If that is enabled, please disable and check if that resolves your issue or not. I would suggest you go through the following article which may help you on this.

https://www.interserver.net/tips/kb/how-to-disable-mod_security-and-why-it-is-not-recommended/

Hope it helps.
Thanks

ictmanager_rghs · July 22, 2022, 11:23am

Hi Tristup,

This is the first thing that I checked, I disabled it again, but the endpoints still weren’t working. I then went to the WHM server, selected Home/Software/EasyApache4 and selected the profile: “All PHP Options + ZedGuard” and then clicked Provision. I then Restarted The WHM server and turned Mod security back on and now the endpoints are working again. So it appears some PHP options must have been preventing the endpoints from working.

ictmanager_rghs · July 22, 2022, 11:30am

Seems you need PHP 8.1 for Cornerstone to work.

tristup · July 22, 2022, 11:37am

Hi Francis,

Glad to know that it start working again. The PHP version 7.4 is the minimum required version for the latest version of Cornerstone. If you find any problem in any of the above versions, please downgrade to the minimum required version and check.

Thanks

system · August 1, 2022, 11:37am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.