Make WordPress Core

Changeset 42852


Ignore:
Timestamp:
03/18/2018 05:20:47 PM (6 years ago)
Author:
ocean90
Message:

REST API JavaScript Client: Support an empty string for nonce to disable sending the X-WP-Nonce header.

Passing a nonce argument with an empty string to wp.api.init() now does no longer fall back to wpApiSettings.nonce. This makes it possible to stop sending nonce headers, for example to a read-only endpoint on another site in a multisite install.

Props adamsilverstein, FPCSJames, ocean90, swissspidy.
Fixes #42948, #43266.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/js/wp-api.js

    r42851 r42852  
    849849                }
    850850
    851                 if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) {
     851                if ( _.isFunction( model.nonce ) && ! _.isEmpty( model.nonce() ) ) {
    852852                    beforeSend = options.beforeSend;
    853853
     
    993993                options = options || {};
    994994
    995                 if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) {
     995                if ( _.isFunction( model.nonce ) && ! _.isEmpty( model.nonce() ) ) {
    996996                    beforeSend = options.beforeSend;
    997997
     
    14911491     *
    14921492     * @param {object} [args]
     1493     * @param {string} [args.nonce] The nonce. Optional, defaults to wpApiSettings.nonce.
    14931494     * @param {string} [args.apiRoot] The api root. Optional, defaults to wpApiSettings.root.
    14941495     * @param {string} [args.versionString] The version string. Optional, defaults to wpApiSettings.root.
     
    14991500
    15001501        args                      = args || {};
    1501         attributes.nonce          = args.nonce || wpApiSettings.nonce || '';
     1502        attributes.nonce          = _.isString( args.nonce ) ? args.nonce : ( wpApiSettings.nonce || '' );
    15021503        attributes.apiRoot        = args.apiRoot || wpApiSettings.root || '/wp-json';
    15031504        attributes.versionString  = args.versionString || wpApiSettings.versionString || 'wp/v2/';
Note: See TracChangeset for help on using the changeset viewer.