REST API - Head Tags Plugin Breaking with Password Protected

ShaGui · 15 January 2020 05:33

Hello,

I installed the new REST API - Head Tags plugin and I want to start off by saying kudos to the team!

The plugin works great and I am running it now at: shaunguimond.com (my personal Frontity built blog). I ran into a problem though with another plugin I use named Password Protected. I use Password Protected for SEO reasons. I have found that they do not work together, and to get them to work, I had to disable caching in the REST API - Head Tags plugin.

I also found this error in my terminal when running npx frontity dev

{ FetchError: invalid json response body at https://www.wp.shaunguimond.com/?password-protected=login&redirect_to=https%3A%2F%2Fwp.shaunguimond.com%2Fwp-json%2Fwp%2Fv2%2Fposts%3F_embed%3Dtrue%26page%3D1 reason: Unexpected token < in JSON at position 0
at eval (webpack-internal:///./node_modules/node-fetch/lib/index.mjs:276:32)
at processTicksAndRejections (internal/process/next_tick.js:81:5)
  message:
   'invalid json response body at https://www.wp.shaunguimond.com/?password-protected=login&redirect_to=https%3A%2F%2Fwp.shaunguimond.com%2Fwp-json%2Fwp%2Fv2%2Fposts%3F_embed%3Dtrue%26page%3D1 reason: Unexpected token < in JSON at position 0',
  type: 'invalid-json' }

Just wanted to let the team know and perhaps there might be a fix.

I’ll be looking into the issue further myself if/when I get the chance.

Thanks!

David · 16 January 2020 10:57

Hi @ShaGui and thank you for your positive feedback

I don’t know that plugin, but a first sight it looks like it’s redirecting the REST API calls to a HTML form and asking for a password. As the fetch function is expecting to receive JSON code, it fails and Frontity returns that error.

Maybe there is an option in that plugin to ignore the REST API urls, I guess?

Pablo · 16 January 2020 11:06

I’ve been taking a quick look and it doesn’t look like the plugin has native support to ignore certain URLs. There’s someone who has hacked it to add this support:

https://wordpress.org/support/topic/exclude-certain-pages-from-requiring-a-password/

ShaGui · 17 January 2020 20:36

The plugin has the option to Allow REST API Access as can be seen in the image below:

I have the plugin enable as of right now, and it is working with this setting off:

With Password Protected enabled, I do have access to the REST API, and as soon as I enable the Heads Tags plugin, the calls to the REST API break. It seems like there is some minor change made to the REST API JSON file by both plugins which leads to it breaking the calls. I’ll try and see what they change is.

ShaGui · 17 January 2020 21:01

Further details.

I have found that when I enable the REST API - HEAD Tags plugin in the settings, it is redirecting me to Password Protected’s request for a password. This does not occur when I disable the REST API - Head Tags plugin in the settings. I believe this is what @David and @Pablo was talking about. That being said, it should not be an issue, as Password Protected is supposed to access to the REST API and works with no issues until REST API - HEAD Tags is turned on in the settings.

I am beginning to think that when I enable the REST API - HEAD Tags plugin, it is perhaps changing the original REST API JSON file URL.

I’ll explore further.

David · 20 January 2020 15:48

Oh, I think I know what happens.

In order to get the tags inside the head element for a particular post /page / etc. , the plugin is changing the WordPress main query and “rendering” the HTML content of the head. After that, the HTML is converted to a JSON and the WordPress main query is restored.

I am almost sure that Password Protected is blocking the REST API just when the main query is changed.

We’ll investigate to see how we can solve it. Thanks for reporting, @ShaGui!

luisherranz · 20 January 2020 17:49

Password protected has a hook to overwrite its behavior. Maybe we can use it deactivate it if it’s a REST API request. Could you please try this?

apply_filters( 'password_protected_show_login', function() {
  return !defined('REST_REQUEST');
}, 10);

I haven’t tested the code so please run it first in your development environment!

ShaGui · 20 January 2020 21:21

@luisherranz I tried the code and it made no difference unfortunately. I believe that @David may have the solution, but I can’t be sure as I’ve tried going over the code in Password Protected and the REST API plugins and it is a little over my head at this moment Hopefully there is a solution though

luisherranz · 22 January 2020 22:11

What about this:

add_action( 'rest_api_init', function () {
  apply_filters( 'password_protected_show_login', function() {
    return false;
  });
});

luisherranz · 22 January 2020 22:12

By the way, where did you added the previous code? Because I don’t think functions.php is run when there’s a REST API request so this code needs to be added either in a plugin or with something like https://wordpress.org/plugins/code-snippets/

ShaGui · 23 January 2020 21:23

I added the code in the plugin itself. Probably not the best place or the correct place… I’ll go ahead and try both with the code snippet and see if that works. I’ll confirm tomorrow.

orballo · 23 January 2020 23:24

Just here to say that functions.php does run on REST API requests. Tested it a few days ago because I also suspected this but I was wrong.

ShaGui · 24 January 2020 19:51

I went ahead and tried this line of code along with the other one @luisherranz suggested using Code Snippet. Neither one of them worked unfortunately. The same issue occurs whenever I enable the REST API Plugin… Any other suggestions? I’m at a lost myself.

luisherranz · 25 January 2020 22:40

I don’t understand. This should deactivate the password plugin:

apply_filters( 'password_protected_show_login', function() {
  return false;
});

What happens if you add that to your functions.php file. Do you still see the login? Maybe the filter is broken…

trzcinskid0 · 23 March 2020 17:24

Hello,

Any progress with this issue?

I tried every method from this post but the REST API - HEAD Tags plugin still doesn’t work with password plugin.

ShaGui · 24 March 2020 17:54

I wasn’t able to get it to work, but I am unsure which plugin is the issue…

luisherranz · 25 March 2020 06:55

Hey guys, maybe you should contact Ben Huson for assistance on how to disable his plugin in the REST API?

trzcinskid0 · 25 March 2020 14:13

@luisherranz
Yes, that’s good idea.

I already find workaround to this issue. I switched “Password Protected plugin” on something similar - Haadless Mode plugin. (https://wordpress.org/plugins/headless-mode/)

It comply with my requirements and redirects from wordpress front page to my blog, maintaining good SEO practices.

It also has no problems with REST API HEAD TAGS plugin.

luisherranz · 25 March 2020 16:10

Nice plugin @trzcinskid0. Thanks for sharing

403page · 29 March 2020 01:42

I use this too! Great lightweight plugin. No settings or anything. Just activate. I’ve bundled it as an mu-plugin in my boilerplate code for any new builds so it doesn’t clutter up my plugin page (not that I use that many anyway, it just doesnt need to appear in wp-admin at all so…)