[wp-trac] [WordPress Trac] #35662: Include a refreshed nonce when responding to an authenticated REST API response
WordPress Trac
noreply at wordpress.org
Fri Jan 29 16:30:22 UTC 2016
#35662: Include a refreshed nonce when responding to an authenticated REST API
response
-----------------------------+-----------------------------
Reporter: adamsilverstein | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 4.4
Severity: normal | Keywords: has-patch
Focuses: |
-----------------------------+-----------------------------
In https://github.com/WP-API/WP-API/issues/2146 @kadamwhite points out
that in order for long lived JavaScript applications to remain
authenticated. Without this, the nonce localized at load time will expire.
My proposal is to add a `X-WP-Nonce` header with a new nonce in responses
to authenticated requests.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35662>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list