WordPress.org

Make WordPress Core


Ignore:
Timestamp:
05/19/2017 08:26:48 PM (5 years ago)
Author:
jnylen0
Message:

REST API: Avoid sending blank Last-Modified headers with authenticated requests.

This commit adds a new WP_REST_Server#remove_header method and uses it to clear the Last-Modified header when the "no caching" headers are sent (by default for all authenticated REST API requests). This matches the behavior of the nocache_headers function used in other parts of WordPress.

Previously, the REST API would send an empty Last-Modified header in this situation. Under some server and browser configurations, this causes browsers to cache authenticated REST API requests, which is undesirable.

Props iv3rson76, zinigor, rmccue, jnylen0.
Fixes #40444.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/tests/phpunit/tests/rest-api/rest-server.php

    r40238 r40805  
    764764
    765765        foreach ( wp_get_nocache_headers() as $header => $value ) {
     766            if ( empty( $value ) ) {
     767                continue;
     768            }
     769
    766770            $this->assertTrue( isset( $headers[ $header ] ), sprintf( 'Header %s is not present in the response.', $header ) );
    767771            $this->assertEquals( $value, $headers[ $header ] );
    768772        }
     773
     774        // Last-Modified should be unset as per #WP23021
     775        $this->assertFalse( isset( $headers['Last-Modified'] ), 'Last-Modified should not be sent.' );
    769776    }
    770777
Note: See TracChangeset for help on using the changeset viewer.