WordPress v5.5 is just around the corner and introduces a change to the REST API that affects how public API’s are called. What does that mean? To put it simply, the WordPress core REST API is a private API which requires a permission check before the called API can return any data.
Because this happens without any warning to the user, if the permission callback is unintentionally omitted or misspelled, the endpoint can end up being available to the public. Such a scenario has happened multiple times in the wild, and the results can be catastrophic when it occurs.
https://make.wordpress.org/core/2020/07/22/rest-api-changes-in-wordpress-5-5/
So what does that mean for CoCart? Well nothing major. However, as CoCart is a public API, the use of adding a permission_callback was not needed before but without it when used with WordPress v5.5, it will now cause all the REST API routes to trigger a _doing_it_wrong() warning (see #50075).
CoCart v2.5.0 is a minor release and adds support for the coming change made to the REST API in the WordPress v5.5 to allow CoCart to still work as a public REST API.
No changes have been made to the CoCart API itself.
Just made sure that each route is using the permission_callback correctly so the REST API returns error free. This is the same for CoCart Pro and it’s add-ons.
If you are still using the legacy API wp-json/wc/v2/cart, when you update WordPress to v5.5, you will no longer be able to use it as it will no longer register.
I highly recommend that you update to the latest API version of CoCart.
Luckily that is only 15.5% of the user base which has slowly been updating to CoCart v2.
In preparation for the release of WordPress v5.5, I have a release candidate that I wish for you to test should you be testing the latest beta or nightly build of WordPress v5.5
WordPress v5.5 is scheduled to be released on 11th August so I’m looking at releasing CoCart v2.5.0 on the 10th August so you have a day in-advanced to update so you are ready.