Make WordPress Core

Changeset 42854 for branches/4.9


Ignore:
Timestamp:
03/18/2018 08:03:59 PM (7 years ago)
Author:
ocean90
Message:

REST API JavaScript Client: Support an empty string for nonce to disable sending the X-WP-Nonce header.

Passing a nonce argument with an empty string to wp.api.init() now does no longer fall back to wpApiSettings.nonce. This makes it possible to stop sending nonce headers, for example to a read-only endpoint on another site in a multisite install.

Merge of [42852] to the 4.9 branch.

Props adamsilverstein, FPCSJames, ocean90, swissspidy.
See #42948, #43266.

Location:
branches/4.9
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • branches/4.9

  • branches/4.9/src/wp-includes/js/wp-api.js

    r42853 r42854  
    849849                }
    850850
    851                 if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) {
     851                if ( _.isFunction( model.nonce ) && ! _.isEmpty( model.nonce() ) ) {
    852852                    beforeSend = options.beforeSend;
    853853
     
    993993                options = options || {};
    994994
    995                 if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) {
     995                if ( _.isFunction( model.nonce ) && ! _.isEmpty( model.nonce() ) ) {
    996996                    beforeSend = options.beforeSend;
    997997
     
    14911491     *
    14921492     * @param {object} [args]
     1493     * @param {string} [args.nonce] The nonce. Optional, defaults to wpApiSettings.nonce.
    14931494     * @param {string} [args.apiRoot] The api root. Optional, defaults to wpApiSettings.root.
    14941495     * @param {string} [args.versionString] The version string. Optional, defaults to wpApiSettings.root.
     
    14991500
    15001501        args                      = args || {};
    1501         attributes.nonce          = args.nonce || wpApiSettings.nonce || '';
     1502        attributes.nonce          = _.isString( args.nonce ) ? args.nonce : ( wpApiSettings.nonce || '' );
    15021503        attributes.apiRoot        = args.apiRoot || wpApiSettings.root || '/wp-json';
    15031504        attributes.versionString  = args.versionString || wpApiSettings.versionString || 'wp/v2/';
Note: See TracChangeset for help on using the changeset viewer.