
Changeset 41206


Timestamp:
08/02/2017 04:44:05 PM (4 years ago)
Author:
jnylen0
Message:

REST API: Allow overriding jQuery.ajax calls from within wp-admin

There are now 3 places where we call out to the REST API from within wp-admin. This commit introduces a small library to allow overriding these calls, centralize nonce-passing logic, and eliminate the need to pass a full REST URL down to client code (this last feature is not yet used and will be explored in a separate ticket).

Fixes #40919.

Location:
trunk
Files:
1 added
7 edited

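--- a/trunk/src/wp-admin/js/widgets/media-video-widget.js
+++ b/trunk/src/wp-admin/js/widgets/media-video-widget.js
@@ -111,5 +111,5 @@
             }
 
-            control.fetchEmbedDfd = jQuery.ajax({
+            control.fetchEmbedDfd = wp.apiRequest({
                 url: wp.media.view.settings.oEmbedProxyUrl,
                 data: {
@@ -117,5 +117,4 @@
                     maxwidth: control.model.get( 'width' ),
                     maxheight: control.model.get( 'height' ),
-                    _wpnonce: wp.media.view.settings.nonce.wpRestApi,
                     discover: false
                 },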
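Review bot: With `_wpnonce` dropped from `data`, this call now relies entirely on `wp.apiRequest` to attach the REST nonce, and nothing at the call site says so; a short comment above the call such as `// wp.apiRequest() supplies the wp_rest nonce from wpApiSettings.` would keep the next reader from re-adding it or assuming the request goes out unauthenticated. The call still passes an absolute `url` taken from `wp.media.view.settings.oEmbedProxyUrl`, so the helper should add the nonce only when that URL is under the REST root; api-request.js is not shown on this page, so that cannot be confirmed here. The same applies to the calls in media-widgets.js and media/views/embed/link.js (media-views.js appears to be the built copy of the latter). The enclosing function starts and ends outside both hunks.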
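--- a/trunk/src/wp-admin/js/widgets/media-widgets.js
+++ b/trunk/src/wp-admin/js/widgets/media-widgets.js
@@ -201,5 +201,5 @@
                         }
 
-                        embedLinkView.dfd = $.ajax({
+                        embedLinkView.dfd = wp.apiRequest({
                             url: wp.media.view.settings.oEmbedProxyUrl,
                             data: {
@@ -207,5 +207,4 @@
                                 maxwidth: embedLinkView.model.get( 'width' ),
                                 maxheight: embedLinkView.model.get( 'height' ),
-                                _wpnonce: wp.media.view.settings.nonce.wpRestApi,
                                 discover: false
                             },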
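--- a/trunk/src/wp-includes/js/media-views.js
+++ b/trunk/src/wp-includes/js/media-views.js
@@ -4643,11 +4643,10 @@
         }
 
-        this.dfd = $.ajax({
+        this.dfd = wp.apiRequest({
             url: wp.media.view.settings.oEmbedProxyUrl,
             data: {
                 url: url,
                 maxwidth: this.model.get( 'width' ),
-                maxheight: this.model.get( 'height' ),
-                _wpnonce: wp.media.view.settings.nonce.wpRestApi
+                maxheight: this.model.get( 'height' )
             },
             type: 'GET',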
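--- a/trunk/src/wp-includes/js/media/views/embed/link.js
+++ b/trunk/src/wp-includes/js/media/views/embed/link.js
@@ -54,11 +54,10 @@
         }
 
-        this.dfd = $.ajax({
+        this.dfd = wp.apiRequest({
             url: wp.media.view.settings.oEmbedProxyUrl,
             data: {
                 url: url,
                 maxwidth: this.model.get( 'width' ),
-                maxheight: this.model.get( 'height' ),
-                _wpnonce: wp.media.view.settings.nonce.wpRestApi
+                maxheight: this.model.get( 'height' )
             },
             type: 'GET',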
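--- a/trunk/src/wp-includes/media.php
+++ b/trunk/src/wp-includes/media.php
@@ -3438,5 +3438,4 @@
         'nonce'     => array(
             'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
-            'wpRestApi'    => wp_create_nonce( 'wp_rest' ),
         ),
         'post'    => array(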
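--- a/trunk/src/wp-includes/script-loader.php
+++ b/trunk/src/wp-includes/script-loader.php
@@ -132,4 +132,12 @@
         'noPerm' => __('Sorry, you are not allowed to do that.'),
         'broken' => __('An unidentified error has occurred.')
+    ) );
+
+    $scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 );
+    // `wpApiSettings` is also used by `wp-api`, which depends on this script.
+    did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array(
+        'root'          => esc_url_raw( get_rest_url() ),
+        'nonce'         => ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ),
+        'versionString' => 'wp/v2/',
     ) );
 
@@ -567,15 +575,10 @@
     // To enqueue media-views or media-editor, call wp_enqueue_media().
     // Both rely on numerous settings, styles, and templates to operate correctly.
-    $scripts->add( 'media-views',  "/wp-includes/js/media-views$suffix.js",  array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement' ), false, 1 );
+    $scripts->add( 'media-views',  "/wp-includes/js/media-views$suffix.js",  array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request' ), false, 1 );
     $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 );
     $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
     $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
 
-    $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore' ), false, 1 );
-    did_action( 'init' ) && $scripts->localize( 'wp-api', 'wpApiSettings', array(
-        'root'          => esc_url_raw( get_rest_url() ),
-        'nonce'         => ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ),
-        'versionString' => 'wp/v2/',
-    ) );
+    $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 );
 
     if ( is_admin() ) {
@@ -670,10 +673,10 @@
 
         $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable' ), false, 1 );
-        $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views' ) );
+        $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) );
         $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' );
 
         $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
         $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) );
-        $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
+        $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) );
         $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) );
         $scripts->add_inline_script( 'text-widgets', 'wp.textWidgets.init();', 'after' );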
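Review bot: `wpApiSettings` is skipped entirely when `did_action( 'init' )` is false and carries an empty `nonce` during a single-site install, yet the comment added at new line 137 documents neither case even though `media-views`, `media-widgets` and `media-video-widget` now depend on this handle. I would extend it, e.g. `// Not localized before 'init'; 'nonce' is '' while installing a single site, so client code must treat both as optional.` Whether api-request.js copes with a missing object or an empty nonce cannot be checked from this page, since that file is not shown. The `wp_rest` nonce is also now emitted wherever these handles load rather than through the media settings entry removed in media.php; that looks intended, but it is worth stating in the comment so the wider exposure is a recorded decision. The enclosing function starts and ends outside these hunks.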
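--- a/trunk/tests/qunit/index.html
+++ b/trunk/tests/qunit/index.html
@@ -20,5 +20,6 @@
         <script>
             var wpApiSettings = {
-                'root': 'http://localhost/wp-json/'
+                root: 'http://localhost/wp-json/',
+                nonce: 'not_a_real_nonce'
             };
         </script>
@@ -78,4 +79,5 @@
         <script src="../../src/wp-includes/js/shortcode.js"></script>
         <script src="../../src/wp-admin/js/customize-controls.js"></script>
+        <script src="../../src/wp-includes/js/api-request.js"></script>
         <script src="../../src/wp-includes/js/wp-api.js"></script>
 
@@ -123,4 +125,5 @@
         <script src="wp-admin/js/customize-header.js"></script>
         <script src="wp-includes/js/shortcode.js"></script>
+        <script src="wp-includes/js/api-request.js"></script>
         <script src="wp-includes/js/wp-api.js"></script>
         <script src="wp-admin/js/customize-controls.js"></script>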