[wp-trac] [WordPress Trac] #42948: Backbone client sending empty string in X-WP-Nonce header by default in some cases

WordPress Trac noreply at wordpress.org
Sun Mar 18 20:04:03 UTC 2018


#42948: Backbone client sending empty string in X-WP-Nonce header by default in
some cases
--------------------------+------------------------------
 Reporter:  FPCSJames     |       Owner:  adamsilverstein
     Type:  defect (bug)  |      Status:  closed
 Priority:  normal        |   Milestone:  4.9.5
Component:  REST API      |     Version:  4.9.1
 Severity:  normal        |  Resolution:  fixed
 Keywords:                |     Focuses:
--------------------------+------------------------------

Comment (by ocean90):

 In [changeset:"42854"]:
 {{{
 #!CommitTicketReference repository="" revision="42854"
 REST API JavaScript Client: Support an empty string for `nonce` to disable
 sending the X-WP-Nonce header.

 Passing a `nonce` argument with an empty string to `wp.api.init()` now
 does no longer fall back to `wpApiSettings.nonce`. This makes it possible
 to stop sending nonce headers, for example to a read-only endpoint on
 another site in a multisite install.

 Merge of [42852] to the 4.9 branch.

 Props adamsilverstein, FPCSJames, ocean90, swissspidy.
 See #42948, #43266.
 }}}

--
Ticket URL: <https://core.trac.wordpress.org/ticket/42948#comment:12>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list