[wp-trac] [WordPress Trac] #35662: Include a refreshed nonce when responding to an authenticated REST API response
WordPress Trac
noreply at wordpress.org
Sun Jun 26 14:01:18 UTC 2016
#35662: Include a refreshed nonce when responding to an authenticated REST API
response
------------------------------------+-----------------------------
Reporter: adamsilverstein | Owner: rmccue
Type: enhancement | Status: reviewing
Priority: normal | Milestone: Future Release
Component: REST API | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch dev-feedback | Focuses:
------------------------------------+-----------------------------
Changes (by markjaquith):
* keywords: has-patch dev-feedback needs-refresh => has-patch dev-feedback
Comment:
[attachment:35662.7.diff]:
* Only sends the header if REST API is active.
* By default, only sends if user is logged in and nonce status is `2`.
* Sends nonce status as second parameter in the filter.
(`is_user_logged_in()` can be checked by anything hooking in).
Annoyingly, I had to remove the unit test that tests the default
functionality (without messing with the filter) because I couldn't figure
out how to generate a nonce that is already in status `2`. (Anyone have
any ideas here? Might be good for general nonce testing).
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35662#comment:17>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list