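--- a/src/wp-admin/includes/admin-filters.php
+++ b/src/wp-admin/includes/admin-filters.php
@@ -63,6 +63,7 @@ add_filter( 'heartbeat_received', 'wp_check_locked_posts', 10, 3 );
 add_filter( 'heartbeat_received', 'wp_refresh_post_lock', 10, 3 );
 add_filter( 'wp_refresh_nonces', 'wp_refresh_post_nonces', 10, 3 );
 add_filter( 'heartbeat_received', 'heartbeat_autosave', 500, 2 );
+add_filter( 'heartbeat_received', 'rest_refresh_nonce_on_heartbeat', 10, 2 );
 
 add_filter( 'heartbeat_settings', 'wp_heartbeat_set_suspension' );
 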
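--- /dev/null
+++ b/src/wp-includes/js/wp-api-nonce.js
@@ -0,0 +1,14 @@
+jQuery( function ($) {
+
+// Send the current core `wp_rest` nonce with each heartbeat.
+$( document ).on( 'heartbeat-send', function ( e, data ) {
+data['wp-refresh-rest-nonce'] = wp.api.endpoints.at(0).get( 'nonce' );
+});
+
+// If a new nonce is returned with the heartbeat, update the core nonce.
+$( document ).on( 'heartbeat-tick', function ( e, data ) {
+if ( 'wp-refresh-rest-nonce' in data ) {
+wp.api.endpoints.at(0).set( 'nonce', data['wp-refresh-rest-nonce'] );
+}
+});
+});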
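Review bot: Both handlers dereference `wp.api.endpoints.at(0)` without checking the result, so if the endpoints collection is empty when a heartbeat fires — wp-api-nonce is output before wp-api per the script-loader change, and the endpoint model appears to be registered asynchronously — `.get`/`.set` throw inside jQuery's event dispatch, and an exception in one handler aborts the remaining `heartbeat-send`/`heartbeat-tick` listeners on `document`. Guard each handler with `var endpoint = wp.api && wp.api.endpoints.at( 0 ); if ( ! endpoint ) { return; }`. The tick handler also updates only the first endpoint; `wp.api.endpoints.each( function ( endpoint ) { endpoint.set( 'nonce', data['wp-refresh-rest-nonce'] ); } );` would keep any additional endpoints in sync. The header comment could also state that the nonce is sent on every heartbeat and the server answers only when it is due for renewal, so readers do not expect a reply on each tick.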
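--- a/src/wp-includes/rest-api.php
+++ b/src/wp-includes/rest-api.php
@@ -746,6 +746,29 @@ function rest_cookie_check_errors( $result ) {
 return true;
 }
 
+/**
+* Refresh the REST API nonce on heartbeat requests.
+*
+* @since 4.9
+*
+* @param array $response The Heartbeat response.
+* @param array $data The $_POST data sent.
+* @return array The Heartbeat response.
+*/
+function rest_refresh_nonce_on_heartbeat( $response, $data ) {
+if ( array_key_exists( 'wp-refresh-rest-nonce', $data ) ) {
+
+// Are we in the second tick, meaning the nonce was generated between 12 and 24 hours ago?
+if ( 2 === wp_verify_nonce( $data['wp-refresh-rest-nonce'] ) ) {
+
+// Update nonce.
+$response['wp-refresh-rest-nonce'] = wp_create_nonce( 'wp_rest' );
+}
+}
+
+return $response;
+}
+
 /**
 * Collects cookie authentication status.
 *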
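Review bot: `wp_verify_nonce( $data['wp-refresh-rest-nonce'] )` is called without an action, while the nonce it is meant to validate is created three lines lower with the 'wp_rest' action; the two hash different inputs, so verification returns false and the refresh branch can never be entered. The check should read `if ( 2 === wp_verify_nonce( $data['wp-refresh-rest-nonce'], 'wp_rest' ) ) {`. The tick comment hard-codes the default lifetime although `nonce_life` is filterable; `// Second tick: the nonce is in the second half of its lifetime (12–24 hours with the default nonce_life).` would be accurate. The docblock should also say that this relies on the heartbeat request having already been authenticated (cookie and heartbeat nonce, presumably checked before `heartbeat_received` fires) so that the fresh nonce is only ever issued to the session that owns it.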
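--- a/src/wp-includes/script-loader.php
+++ b/src/wp-includes/script-loader.php
@@ -505,6 +505,7 @@ function wp_default_scripts( &$scripts ) {
 'ariaShow' => esc_attr__( 'Show password' ),
 'ariaHide' => esc_attr__( 'Hide password' ),
 ) );
+$scripts->add( 'wp-api-nonce', "/wp-includes/js/wp-api-nonce$suffix.js", array( 'jquery', 'heartbeat' ), false, 1 );
 
 $scripts->add( 'language-chooser', "/wp-admin/js/language-chooser$suffix.js", array( 'jquery' ), false, 1 );
 
@@ -618,7 +619,7 @@ function wp_default_scripts( &$scripts ) {
 $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
 $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
 
-$scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 );
+$scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request', 'wp-api-nonce' ), false, 1 );
 
 if ( is_admin() ) {
 $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 );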
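Review bot: The dependency runs opposite to the data flow: wp-api-nonce reads `wp.api` at runtime but is registered in the first hunk with only `jquery` and `heartbeat`, and the second hunk makes `wp-api` depend on it, so it is output before the script that defines `wp.api`. That only works because its code runs from DOM-ready and heartbeat handlers, which is not visible from these registrations, and adding `wp-api` to its dependency list would be circular with the second hunk. At minimum document the coupling at the first registration: `// Output ahead of wp-api (which depends on it); it only touches wp.api from heartbeat event handlers.` Alternatively register it with `array( 'jquery', 'heartbeat', 'wp-api' )` and enqueue it from the places that enqueue wp-api instead of making it a dependency of wp-api. wp_default_scripts starts and ends outside both hunks.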