Problem with JavaScript Age Gate

  • Ate Up With Motor

    (@ate-up-with-motor)


    7 years, 4 months ago

    I’ve been experimenting with the plugin, and it works in normal mode with caching off, but I can’t get the JavaScript mode (which I’ll need with WP Super Cache), in either Admin AJAX or REST API mode. The latter seems like it might cause an issue, since my security settings restrict anonymous REST API requests. Am I doing something wrong?

    Here’s the test page I created:

    Age Verification test

    Thanks!

    The page I need help with: [log in to see the link]

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Phil

    (@philsbury)

    7 years, 4 months ago

    Hi @ate-up-with-motor,

    I don’t think we should deny access to the API or admin-ajax. There are many valid reasons to need access to it (any form of dynamic loading, for example). But I get why people want to.

    What I do though is restrict parts of the API. Or rather enable them, so in this case I would enable the age-gate endpoint (how you do this will depend on you security plugin, or server config if handled there)

    I also restrict access to the API itself to be only the site running it or those that need access. There’s some goof information on how to to that here. I think admin-ajax is already restricted to the same site.

    The link you’ve put as a test doesn’t seem to have the content restricted option checked (assuming you’re using selected content here?)

    Cheers
    Phil

    Thread Starter Ate Up With Motor

    (@ate-up-with-motor)

    7 years, 4 months ago

    The linked post is set to restricted (the Age Gate checkbox is ticked, and in the posts list it shows the closed lock icon). If I switch back to standard rather than JavaScript mode, the Age Gate comes up, but it doesn’t work at all in JavaScript mode, in either setting. I currently have the Age Gate Advanced Settings set to Admin Ajax; the hook query string option is disabled.

    Regarding restrictions, I use iThemes Security, which has two settings for REST API: Default Access and Restricted Access; the latter doesn’t turn off the REST API completely (as some plugins do), which tends to break things, but restricts it for many things — this post explains their rationale. I use the latter setting, which hasn’t caused any issues with my other plugins, but doesn’t offer granular control of the endpoints.

    (I’d previously used a separate plugin that allowed very fine-tuned control over the endpoint access, but I removed it because it was SO granular that it was really troublesome to find which endpoints needed to be accessible to avoid errors, especially since some plugin developers aren’t great at labeling things.)

    The iThemes plugin doesn’t restrict admin AJAX, and as far as I know, I haven’t done anything else that should interfere with that.

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Problem with JavaScript Age Gate’ is closed to new replies.