[wp-trac] [WordPress Trac] #37569: REST API: refresh expired nonces

WordPress Trac noreply at wordpress.org
Sun Oct 22 22:09:07 UTC 2017


#37569: REST API: refresh expired nonces
------------------------------------+------------------
 Reporter:  iseulde                 |       Owner:
     Type:  enhancement             |      Status:  new
 Priority:  normal                  |   Milestone:  5.0
Component:  REST API                |     Version:  4.4
 Severity:  normal                  |  Resolution:
 Keywords:  dev-feedback has-patch  |     Focuses:
------------------------------------+------------------
Changes (by adamsilverstein):

 * keywords:  needs-docs dev-feedback has-patch => dev-feedback has-patch
 * milestone:  Future Release => 5.0


Comment:

 In [attachment:37569.3.diff]
 * include a fresh nonce in rest responses when the user is logged in, even
 if the nonce check fails
 * retry the sync when a nonce failure is detected and a new nonce is
 available

 My only concern here is potentially infinite recursion, if the returned
 nonce continues to change, the request will be made repeatedly. This
 shouldn't happen, but might be worth explicitly preventing it.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/37569#comment:28>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list