From 5fb10017bafc526f1ae595c832dcb2765fd5a6fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Oskar=20Sch=C3=B6ldstr=C3=B6m?=
Date: Mon, 17 Jul 2023 10:46:13 -0300
Subject: [PATCH] Allow access to gds/facetwp rest api endpoints out of the box
---
 web/app/mu-plugins/disable-rest-api.php | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/web/app/mu-plugins/disable-rest-api.php b/web/app/mu-plugins/disable-rest-api.php
index a3290555..f9a187e8 100644
--- a/web/app/mu-plugins/disable-rest-api.php
+++ b/web/app/mu-plugins/disable-rest-api.php
@@ -23,6 +23,15 @@ remove_action('xmlrpc_rsd_apis', 'rest_output_rsd');
 add_filter('rest_authentication_errors', function ($access) {
+ // @see https://github.com/WordPress/wordpress-develop/blob/b316c8b25fc71920d89ee37ee26609a77b2a305a/src/wp-includes/rest-api.php#L390
+ $route = untrailingslashit($GLOBALS['wp']->query_vars['rest_route']) ?: '/';
+
+ // Allow logged out users access to the following endpoints, prevent access
+ // to others.
+ if (preg_match('@^/(facetwp|gds)/@', $route)) {
+ return $access;
+ }
+
 if (!is_user_logged_in()) {
 $message = apply_filters('disable_wp_rest_api_error', __('REST API restricted to authenticated users.', 'disable-wp-rest-api'));
 return new WP_Error('rest_login_required', $message, array('status' => rest_authorization_required_code()));
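Review bot: The early `return $access;` exempts every route under `/facetwp/` and `/gds/` from the login check, including any route registered in those namespaces later, so anonymous access then depends entirely on each route's own `permission_callback`, which is not visible in this hunk. Consider anchoring the pattern to the specific routes that must be public, or at least add a comment above the `preg_match` such as `// Routes in these namespaces bypass the login gate; each must enforce its own permission_callback.` The `$route` line also reads `query_vars['rest_route']` without a guard; if the filter ever runs where that key is unset (presumably only outside the normal REST bootstrap), a notice is raised and null reaches `untrailingslashit()`, so `$GLOBALS['wp']->query_vars['rest_route'] ?? ''` would be safer. The closure's closing lines fall outside the hunk.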