Changeset 35773


Timestamp:
12/04/2015 11:35:54 PM (4 years ago)
Author:
wonderboymusic
Message:

REST API: Core typically sends nocache headers on all auth'ed responses, as in wp, admin-ajax, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves.

Adds unit tests.

Props joehoyle.
Fixes #34832.

Location:
trunk
Files:
3 edited

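--- a/trunk/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/trunk/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -236,4 +236,18 @@
         $this->send_header( 'Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages' );
         $this->send_header( 'Access-Control-Allow-Headers', 'Authorization' );
+
+        /**
+         * Send nocache headers on authenticated requests.
+         *
+         * @since 4.4.0
+         *
+         * @param bool $rest_send_nocache_headers Whether to send no-cache headers.
+         */
+        $send_no_cache_headers = apply_filters( 'rest_send_nocache_headers', is_user_logged_in() );
+        if ( $send_no_cache_headers ) {
+            foreach ( wp_get_nocache_headers() as $header => $header_value ) {
+                $this->send_header( $header, $header_value );
+            }
+        }
 
         /**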
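Review bot: The default passed to `rest_send_nocache_headers` is `is_user_logged_in()` evaluated while headers are being sent, so the no-cache decision is fixed before anything later in `serve_request()` (which continues outside this hunk) can change who the request is authenticated as. If an authentication handler sets the current user after this point, that response would carry user-specific data without the no-cache headers and a shared cache could store it; confirm the ordering, or move this block to after authentication has been resolved. The filter docblock should state the consequence of opting out, for example `Returning false for an authenticated request allows intermediaries to cache a user-specific response.` The `@param` name `$rest_send_nocache_headers` follows the hook name rather than the variable `$send_no_cache_headers` it documents.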
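--- a/trunk/tests/phpunit/includes/spy-rest-server.php
+++ b/trunk/tests/phpunit/includes/spy-rest-server.php
@@ -2,4 +2,8 @@
 
 class Spy_REST_Server extends WP_REST_Server {
+
+    public $sent_headers = array();
+    public $sent_body = '';
+
     /**
      * Get the raw $endpoints data from the server
@@ -21,3 +25,15 @@
         return call_user_func_array( array( $this, $method ), $args );
     }
+
+    public function send_header( $header, $value ) {
+        $this->sent_headers[ $header ] = $value;
+    }
+
+    public function serve_request( $path = null ) {
+
+        ob_start();
+        $result = parent::serve_request( $path );
+        $this->sent_body = ob_get_clean();
+        return $result;
+    }
 }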
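Review bot: `$sent_headers` is only written to in `send_header()` and never cleared, so a second `serve_request()` call on the same spy instance still reports headers recorded by the first. If a server instance is ever reused, stale no-cache headers would distort the header assertions that read `sent_headers`; whether the tests build a fresh server per test is not visible here. Resetting at the top of the override, `$this->sent_headers = array();` before `ob_start();`, keeps each captured response self-contained. The two new properties and both overrides also lack docblocks, unlike the existing method above them.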
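--- a/trunk/tests/phpunit/tests/rest-api/rest-server.php
+++ b/trunk/tests/phpunit/tests/rest-api/rest-server.php
@@ -620,3 +620,29 @@
         $this->assertContains( 'test/another', $namespaces );
     }
+
+    public function test_nocache_headers_on_authenticated_requests() {
+        $editor = self::factory()->user->create( array( 'role' => 'editor' ) );
+        $request = new WP_REST_Request( 'GET', '/', array() );
+        wp_set_current_user( $editor );
+
+        $result = $this->server->serve_request('/');
+        $headers = $this->server->sent_headers;
+
+        foreach ( wp_get_nocache_headers() as $header => $value ) {
+            $this->assertTrue( isset( $headers[ $header ] ), sprintf( 'Header %s is not present in the response.', $header ) );
+            $this->assertEquals( $value, $headers[ $header ] );
+        }
+    }
+
+    public function test_no_nocache_headers_on_unauthenticated_requests() {
+        $editor = self::factory()->user->create( array( 'role' => 'editor' ) );
+        $request = new WP_REST_Request( 'GET', '/', array() );
+
+        $result = $this->server->serve_request('/');
+        $headers = $this->server->sent_headers;
+
+        foreach ( wp_get_nocache_headers() as $header => $value ) {
+            $this->assertFalse( isset( $headers[ $header ] ) && $headers[ $header ] === $value, sprintf( 'Header %s is set to nocache.', $header ) );
+        }
+    }
 }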
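Review bot: `test_no_nocache_headers_on_unauthenticated_requests()` never establishes the logged-out state it is meant to cover; it passes only if nothing earlier has called `wp_set_current_user()`. Adding `wp_set_current_user( 0 );` before `serve_request('/')` pins the anonymous path, and the unused `$editor` assignment there, plus the unused `$request` in both tests, can be dropped. Neither test exercises the `rest_send_nocache_headers` filter, so an override that returns false for a logged-in user, the case where a shared cache could keep an authenticated response, is untested. `assertSame` would also be a stricter check than `assertEquals` for the header values.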