[wp-trac] [WordPress Trac] #42948: Backbone client sending empty string in X-WP-Nonce header by default in some cases
WordPress Trac
noreply at wordpress.org
Sun Mar 18 17:20:51 UTC 2018
#42948: Backbone client sending empty string in X-WP-Nonce header by default in
some cases
--------------------------+------------------------------
Reporter: FPCSJames | Owner: adamsilverstein
Type: defect (bug) | Status: closed
Priority: normal | Milestone: 4.9.5
Component: REST API | Version: 4.9.1
Severity: normal | Resolution: fixed
Keywords: | Focuses:
--------------------------+------------------------------
Changes (by ocean90):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"42852"]:
{{{
#!CommitTicketReference repository="" revision="42852"
REST API JavaScript Client: Support an empty string for `nonce` to disable
sending the X-WP-Nonce header.
Passing a `nonce` argument with an empty string to `wp.api.init()` now
does no longer fall back to `wpApiSettings.nonce`. This makes it possible
to stop sending nonce headers, for example to a read-only endpoint on
another site in a multisite install.
Props adamsilverstein, FPCSJames, ocean90, swissspidy.
Fixes #42948, #43266.
}}}
--
Ticket URL: <https://core.trac.wordpress.org/ticket/42948#comment:11>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list