[wp-trac] [WordPress Trac] #45113: Integrate compatibility related functions for the new editor
WordPress Trac
noreply at wordpress.org
Thu Nov 22 00:33:07 UTC 2018
#45113: Integrate compatibility related functions for the new editor
-------------------------------------+-----------------------
Reporter: desrosj | Owner: pento
Type: task (blessed) | Status: assigned
Priority: normal | Milestone: 5.0
Component: General | Version:
Severity: normal | Resolution:
Keywords: has-patch needs-testing | Focuses:
-------------------------------------+-----------------------
Comment (by dd32):
Replying to [comment:12 adamsilverstein]:
> The changes in [attachment:"45113.heartbeatnonce.diff"] look good, I can
give that some testing later in my local with nonce expiration set very
low to verify refresh is actually working.
>
> I agree we can likely remove the unused nonces included in the html as
long as we are sure they aren't used. I did a little research to see
how/if we use these nonces:
>
> I think we need these nonces (and keep them refreshed) for actions taken
within the classic editor block:
>
> `_ajax_linking_nonce` is for ajax requests made when using the link
selection modal which is still available.
Yep, confirmed that's still in use. When links are inserted with the
classic editor block they go via `admin-ajax.php`, rather than via `wp-
json` in the rest of the blocks.
> `_wpnonce` is used in wp.media, think we need to retain that, I'll try
to confirm by looking for the nonce in requests
The `_wpnonce` in question was a `edit_post_{$id}` nonce, so I don't think
it was being refreshed for the purposes of media, but I'll take another
look into that.
Based on the above, I'm going to go back to the drawing board a little,
and restore the existing nonce refreshing, but I'm not sure if i'll get to
that today.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45113#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list