0

I am using Wordpress and Jetpack on a self hosted WP site and I would like to use the Wordpress REST API to create posts from a different application also on the web using just HTML & JQuery.

I can get the unauthenticated data but when I try and add a new post it requires an access token.

I have written the following,

        wpAuth.bind('click', function(){
            $.ajax({
                url: "https://public-api.wordpress.com/oauth2/token",
                dataType: "json",
                data: {
                    'client_id': 'client id',
                    'client_secret': 'secret token',
                    'grant_type': 'password',
                    'username': 'wp.comuser',
                    'password': 'a password',
                },
                type: 'POST',
                success: function( response ) {
                    console.log( response ); // server response
                }
            });             

        });

But I get an error:

XMLHttpRequest cannot load https://public-api.wordpress.com/oauth2/token. Origin http://example.com is not allowed by Access-Control-Allow-Origin.

Can someone help me understand what is the problem, I have the Javascript Origins setup at developer.wordpress.com for my app.

Justin Erswell
  • 688
  • 7
  • 42
  • 87
  • Have you checked [this thread](http://stackoverflow.com/questions/10143093/origin-is-not-allowed-by-access-control-allow-origin)? You should check header response. – skobaljic Jul 03 '15 at 12:45
  • Yeah checked that out but I think this issue I am facing is at the Wordpress API end? – Justin Erswell Jul 03 '15 at 12:50
  • Im pretty sure that their oauth2 api aint set up to handle cross browser calls due to security standard. If you try this with a CURL call in PHP im sure it will be alright. – Ole Haugset Jul 03 '15 at 13:03
  • Was trying to avoid PHP in this case as the source application is running on a windows server that I have no control over. But thanks for your suggestion – Justin Erswell Jul 03 '15 at 13:05
  • The response header from their API is: x-frame-options:SAMEORIGIN x-hacker:If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header. x-nananana:Batcache – Ole Haugset Jul 03 '15 at 13:06

0 Answers0