What would cause cross-site origin errors when changing a post from ‘published’ to ‘draft’ mode if https seems to be working fine across the whole site?

Client broke the whole entire site and I’m trying to salvage it, but can’t get any straight answers about what he did. I just know he deleted the entire site for no apparent reason and then tried to restore it from a backup. In the process, he restored an old version of the site that is about 6 months older than how I left it, back when they didn’t have an SSL set up.

There is an SSL purchased from Namecheap that was working fine before he did whatever he did. And it still seems to be working fine now on the front end, but I think there is some plugin that added something to the .htaccess file that is screwing something up in the WP Admin area.

**I’m getting this error in the console when I try to use Quick Edit to change a post from Published to Draft mode:**

XHRPOST

[HTTP/2 403 Forbidden 157ms]

Status
403
Forbidden
VersionHTTP/2
Transferred6.57 kB (17.01 kB size)
Referrer Policystrict-origin-when-cross-origin
Request PriorityHighest

**More details:**
– The site seems to function fine from the front end with everything using ‘https’ in the URLs
– I see ‘https’ everywhere for any image paths and all URLs as I click through the site.
– In General Settings, I have both URLs set to ‘https://mydomain.com”
– In the database, in the wp_options table, the site_url and home_url are both ‘https://mydomain.com” to match what’s in General Settings
– I re-saved permalinks

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer