[wp-trac] [WordPress Trac] #45113: Integrate compatibility related functions for the new editor

WordPress Trac noreply at wordpress.org
Wed Nov 21 04:11:19 UTC 2018 

#45113: Integrate compatibility related functions for the new editor
-------------------------------------+-----------------------
 Reporter:  desrosj                  |       Owner:  pento
     Type:  task (blessed)           |      Status:  assigned
 Priority:  normal                   |   Milestone:  5.0
Component:  General                  |     Version:
 Severity:  normal                   |  Resolution:
 Keywords:  has-patch needs-testing  |     Focuses:
-------------------------------------+-----------------------
Changes (by dd32):

 * keywords:  needs-patch => has-patch needs-testing


Comment:

 Replying to [comment:3 pento]:
 > I haven't ported
 `gutenberg_add_rest_nonce_to_heartbeat_response_headers()` yet, the
 current naming doesn't fit in with the structure of the other nonces in
 `wp_refresh_post_nonces()`, but we'll need to change the name in
 `@wordpress/api-fetch` to match.

 While working on this, I realised that `wp_refresh_post_nonces()` is no
 longer being used, as that code path is classic-editor only. As a result,
 the heartbeat nonce hasn't been being refreshed either (As that's been
 handled by `wp-admin/includes/post.js` in the past).

 [attachment:"45113.heartbeatnonce.diff"] takes a slightly different
 approach than what was previously done in core:
  - The Heartbeat nonce updating is now handled by `heartbeat.js` itself,
 rather than relying upon the loaded editor
  - `heartbeat.js` also updates the `wp-api` package nonce global if loaded
  - `heartbeat.js` now includes a reliance upon `wp-hooks` to do both
 `jQuery.trigger()` and `wp.hooks.doAction()` on events, so `api-fetch` can
 hook in directly to retrieve the nonce.

 I've included a line that's intended to be temporary, returning `rest-
 nonce` in addition to `rest_nonce` for compatibility with the current
 `api-fetch` while acknowledging we probably should rename that to be
 `rest_nonce`.

 Although untested at time of this comment, these changes should work
 transparently with the current Gutenberg stable/master.

 ----

 After I wrote and tested the above, I realised that the nonces mentioned
 in `wp_refresh_post_nonces()` are included within the HTML for the Block
 editor. However, I don't think they're actually used, and are just a
 vestige so maybe not needed?
  - `getpermalinknonce` - Not included
  - `samplepermalinknonce` - Included in HTML, seems unused.
  - `closedpostboxesnonce` - Included in HTML, seems unused.
  - `_ajax_linking_nonce` - Included in HTML, seems like the internal
 linking dialogue uses `wp-json` instead of utilising this with `admin-
 ajax.php` though.
  - `_wpnonce` - Included in HTML (actually multiple fields named that,
 with different source nonces) and seems like it's not used either as all
 actions go through the rest api.

 With the above in mind, the approach taken in
 [attachment:"45113.heartbeatnonce.diff"] might be OK, or might need
 stepping back and having
 [https://core.trac.wordpress.org/browser/branches/5.0/src/wp-
 admin/js/post.js?marks=240-284#L238 the existing JS for updating nonces]
 extracted from `post.js` and moved into `heartbeat.js` or it's own file.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/45113#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list