Solvedwp calypso Editor: Permission Errors when trying to Update/Publish Post/Pages

We are receiving several reports of customers getting errors when trying to update or publish posts/page. Initial P2 #p2EDhh-19p-p2

HEs Warning P2: p7DVsv-9vm-p2

Systems P2: pMz3w-c2B-p2


Logging added here: D50847-code and D50934-code
Logs: in kibana for feature : update_item_permissions_check_failure
If a cookie is not set, it will not appear. If wp_api_sec is set and valid it will have the user id as value. If not valid it will have false as value. The rest cookies false values are a side effect only.

Screen Shot on 2020-11-09 at 16:06:11

Steps to reproduce

It's hard to say as all cases are different and not necessarily corrected in the same way. I am adding the comments from the original P2 here to have it all in one place.

  • #23849977-hc, #24239938-hc - Scheduling failed. Sorry, you are not allowed to edit this post.”

  • #3254656-zen: “Scheduling failed. Sorry, you are not allowed to edit this post.” error as shown in this screenshot:

  • #23849977-hc: “Sorry, you are not allowed to edit this post” as shown in this screenshot:

  • #3299020-hc – “Sorry, you are not allowed to edit this post”

  • #3302662-zen - “Sorry, you are not allowed to edit this post”

  • Social Post 1

  • Social Post 2

  • #3315500-zen - Only occurring in Edge and not Chrome.

  • #24239938-hc - They used Chrome and tried clearing cache in Chrome but the issue persists. It works when they used Firefox though.

  • #11163274-hc I can’t get my blog posts to update or save- I can’t get HTML blocks to show up. I keep getting the message that I am not allowed to edit something when I am the only person who does have permissions for this site. It deletes my work and won’t save. This is not a common error message.”

  • Error: “Updating failed. Sorry, you are not allowed to edit this post.”
    Domain: (unspecified, presumably multiple sites as this user has many, but I’ll ask)
    Browser: Chrome
    Theme: (unspecified)
    Plan: Free

Action: since they’re having issues with “liking” posts, too, I’m wondering if it’s a login issue. I’m having them log out, clear cache, and log back in to see if that will help.

Otherwise, is this related to samesite browser cookie changes?

  • #3340559-zen - Clearing cache works immediately – but the problem keeps recurring regularly.

They also report this happening more widely with people they know:

This is not a solitary issue with just my blog. I run a group that attempts to post daily in November and the current problems makes it almost impossible to think about attempting this on the WordPress platform. A blogger in that group who is open to their blog being examined over this recurring error is

@davemart-in @cathymcbride

49 Answers

✔️Accepted Answer

The fix has been deployed today to wpcom as D57128, after the first attempt had to be reverted due to a mistake.

I'll now close the issue. Don't hesitate to add further reports if the issue happens to any customer. We're not 100% sure that the issue is gone for good. 🙂

Other Answers:

Since the issue seems to point there is a cookies problem, I analyzed the cookies we use when making a request to the API, and found out that when the wp_api_sec cookie is missing / has expired / contains an invalid value, the API returns a "Sorry, you are not allowed to edit this post." error.

Screen Shot 2020-09-28 at 13 19 37

I confirmed it by manually deleting the cookie using the Chrome dev tools. Reloading the editor always brings the cookie back for me. Would it be possible to ask users to provide an screenshot of the browser dev tool showing the wp_api_sec cookie stored for the API? In Chrome this can be done by opening the menu and then going to More tools > Developer Tools > Application > Storage > Cookies >

I can reproduce the issue. As the issue is security-related and doesn't have much to do with the Calypso frontend itself, I shared the details in an internal P2 post: pcNnmV-x-p2#comment-38

Quick way to reproduce is:

  1. Start editing a post in Gutenframe
  2. Open a new tab with the /log-in page and login there as the same user. That resets your auth cookies.
  3. Switch back to the editor tab and click "Update" or "Save". The original tab is confused by the new auth cookies and will send a REST request with inconsistent auth info. And it will fail.

Wooo! Thanks @jsnajdr. This has been a long standing issue. It's great to see this fixed.

I have posted a P2 p7DVsv-9vm-p2 to raise HEs awareness and collect some feedback. Next steps:

  1. Collect some demographics about users / sites in conjunction with evidence collected
  2. Add an error logging mechanism that will log the cookies currently set

Related Issues:

wp calypso Editor: Permission Errors when trying to Update/Publish Post/Pages
The fix has been deployed today to wpcom as D57128 after the first attempt had to be reverted due to...
wp calypso Calypso: Deep links redirecting
This is a real bug and it's probably been around for some time Not a recent regression ...
webpack Cannot assign to read only property 'exports' of object '#<Object>' (mix require and export)
The code above is ok You can mix require and export You can't mix import and module.exports. ...
webpack How to exclude node_modules but one
@borm: a solution: Subj as example I create some module in another folder ( /projects/MY_MODULE ) MY...
babel ReferenceError regeneratorRuntime is not defined
I had this issue using rollup with babel I just used this babel config to resolve it : ...
webpack nodejs 17: digital envelope routines::unsupported
workaround: Bug report What is the current behavior? Other relevant information: webpack version: 5....
webpack TypeError: Data must be a string or a buffer
Here is a workaround to help you to find the wrong import Using the latest 2.2.0 release although th...
javascript How to configure React Native (Expo) project to use AirBnB's React rules via ESLint?
This is what I do in React and React Native: Step 1 Step 2 Backup your eslintrc file in case you wan...
webpack webpack 4: access the mode flag from webpack.config.js file
This seems to work correctly with --mode production -p and <no flag> Do you want to request a featur...
webpack Webpack gives $ is not defined or jQuery is not defined error in console
Just use like this or add to webpack Do you want to request a feature or report a bug? What is the c...
babel Support for the experimental syntax 'classProperties' isn't currently enabled
@xtuc Actually I tried to erase bable preset & plugins code in package.json and webpack.config.js an...
webpack Error: Cannot find module 'webpack/lib/node/NodeTemplatePlugin'
I got this same error reinstalled it locally and ran it with package scripts and it worked npm remov...
core js 3.0.0-beta.3 - Can't resolve 'core-js/es7/reflect'
I have the Angular 7 CLI working fine with core-js 3 I'm using @angular/cli I upgraded to the 3.0.0-...
webpack "Uncaught SyntaxError: Unexpected token <" error happened sometimes
I have a same problem fix with added <base href=/ /> into the <head> of my index.html ...
babel No "exports" main resolved in @babel/helper-compilation-targets/package.json
I fixed this issue by removing the node_modules directory and package-lock.json file then run npm in...
babel Module build failed (from ./node_modules/babel-loader/lib/index.js):
The issue might be because babel-loader@8 depends on babel@7? If you want to use babel-loader@8 try ...
webpack [BUG?] npm link causes Webpack to look for babel-plugin in linked package node_modules.
try to add resolve: { symlinks: false } to your webpack.config I've linked a package that is outside...
webpack Parsing of import() fails in 4.29.0 (Compilation issue, related to dynamic import)
Running these commands fixes the problem in your repro @Dbuggerx It seem to be a npm problem ...
webpack webpack watch mode not working....
Try this workaround: Add this to your webpack configuration file: General Information: webpack versi...
babel "regeneratorRuntime is not defined" error with async and "useBuiltIns": "usage"
The solution from this issue thread worked for me Importing the following: for my dependencies and h...
javascript Using 'ForInStatement' is not allowed (no-restricted-syntax)
@francoisromain Object.assign(options opts) Since version 8 there is this error on for in loops What...
webpack webpack broken by ajv@6.9.0, "custom keyword definition is invalid: data.errors should be boolean"
If you use yarn add below to package.json then run yarn install if you use npm ...
babel Plugin/Preset files are not allowed to export objects, only functions.
Just like env is now @babel/env react should be @babel/react and you'll need to install @babel/prese...
webpack Webpack 2.0 doesn't support custom command line arguments?
Yes this is intended Custom argumens can be passed via --env prefix i e --env.compress ...
webpack error:'output.filename' is required, either in config file or as --output-filename"
exports not export,that is the reason. Do you want to request a feature or report a bug? bug What is...
javascript Why no setState in componentDidMount?
As the docs state that they belong in componentDidMount: If you want to integrate with other JavaScr...
webpack DefinePlugin does not inject variable
Hmm I was just having this issue and it was trolling me process.env was showing as an empty object ...
webpack Webpack moment.js integration
To the next person trying to get one of the above configurations to work (which they did not for me)...
webpack Strange warning stating that export does not exist when it does
Maybe this is not a bug Bug report What is the current behavior? Not sure if this is a problem with ...
javascript .jsx extension cannot be used with React Native
@borisyankov what's common isn't the primary motivator for this guide it's what we use at Airbnb We ...
babel Requires Babel “7.0.0-0” but was loaded with “6.26.3”
@rayj10 I think you need to add babel-core: ^7.0.0-bridge.0 Try this: Bug Report Current Behavior Ke...
webpack multiple usage of the CommonsChunkPlugin, only first works
The CommonsChunkPlugin selects only entry chunks Do you want to request a feature or report a bug? I...
webpack Using dynamic require on node targets WITHOUT resolve or bundle the target module
const server = __non_webpack_require__(entryPath) Do you want to request a feature or report a bug? ...
webpack Webpack 4 chunking different runtime behaviour compared to Webpack 3
I stumbled upon such a configuration after trying many many variations Conceptually I'm not 100% sur...
javascript What is the benefit of prefer-default-export?
webpack Error when trying to build bundle after upgrading to 4.20.0
Please read CHANGELOG Update internal struct...
webpack Using webpack 4 on a large project (or, how to avoid "JavaScript heap out of memory" with production mode)
For those looking to increase the memory used by webpack Do you want to request a feature or report ...
webpack Webpack 4.0 file-loader json issue
I was able to copy my .json config file to the build folder using this: Do you want to request a fea...
babel Async functions producing an error "ReferenceError: regeneratorRuntime is not defined"
Update your .babelrc file according to the following examples it will work Input Code Babel Configur...
webpack Module not found: Error: Cannot resolve 'file' or 'directory' (import sass with a relative font folder in webpack)
Just had this problem too It's an error in finding the right directory Use the path relative to / In...
babel Migrate to babel 7: Requires Babel "^7.0.0-0", but was loaded with "6.26.3"
@budarin try installing babel-core@7.0.0-bridge.0 alongside @babel/core and then adding this to your...
javascript What is the point of the no-continue rule?
@MegaArman Loops are still useful in 2018 in many non trivial cases and will stay useful even in 211...
webpack import() support in webpack 2
import() reached stage-3 🎉 Domenic's import() proposal is as of last week stage-2 ...
webpack [NodeJS v.7] Webpack ERROR in Path must be a string. Received undefined
add a key 'publicPath' to the webpack config output node I'm update my node.js to version 7 ...
webpack BUG: "export 'default' (imported as 'selection_enter') was not found in './enter'
In case anyone stumbles across this thread.. Do you want to request a feature or report a bug? BUG W...
javascript Option to disable a11y plugin?
For everyone who wondering how to use mentioned workaround: We love the airbnb style guide including...
webpack Ability to export only module's default when building a library
Is seems this issue was solved by the libraryExport setting and should be closed. ...
webpack Error: Cannot find module 'webpack/lib/removeAndDo' when building a project
For me the issue was caused by extract-text-webpack-plugin module Older version of this package are ...
babel copy-files flag does not respect ignore block in .babelrc
Forgive me if I'm coming out of left field but.. Bug: If in your build script you have --copy-files ...
javascript react/jsx-no-bind: how to pass args from callbacks?
Right - at that point you might as well disable the rule. I have a question about react/jsx-no-bind ...