Opened 4 years ago

Closed 4 years ago

#34832 closed defect (bug) (fixed)

REST API does not send nocache headers on authenticated requests

Reported by: joehoyle
Owned by: rmccue
Milestone: 4.4
Priority: normal
Severity: normal
Version: 4.4
Component: REST API
Keywords: has-unit-tests has-patch commit

Description

Core typically sends nocache headers on all auth'ed responses, as in wp, admin-ajax, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves.

I'd recommend we get this fix in 4.4 given the implications.

Attachments (2)

34832.diff (3.3 KB) - added by joehoyle 4 years ago.
34832.2.diff (3.2 KB) - added by joehoyle 4 years ago.


Change History (13)

#1 @rmccue
4 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to 4.4
  • Owner set to rmccue
  • Status changed from new to accepted

#2 @markjaquith
4 years ago

What are the criteria? Should it be done via a hook, so it can be unhooked?

#3 @joehoyle
4 years ago

@markjaquith the criterion is is_user_logged_in(). I think we'll need to add it directly, but can pass it through a filter to allow overriding (and also sending no-cache headers on unauthed requests if the developer wanted to). Patch incoming.

This ticket was mentioned in Slack in #core by joehoyle.
4 years ago

#5 @joehoyle
4 years ago

  • Keywords has-unit-tests has-patch added; needs-patch removed

This ticket was mentioned in Slack in #core by wonderboymusic.
4 years ago

#8 @wonderboymusic
4 years ago

  • Keywords commit added

#9 @wonderboymusic
4 years ago

+1 from me

#11 @wonderboymusic
4 years ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 35773:

REST API: Core typically sends nocache headers on all auth'ed responses, as in wp, admin-ajax, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves.

Adds unit tests.

Props joehoyle.
Fixes #34832.
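
One way to check for the condition this ticket describes, as an added example that is not part of the ticket or of WordPress core: audit captured request/response header pairs and flag any response to a credentialed request that does not tell caches to avoid reuse. The host, routes, cookie value and header values in the sample are constructed, and treating a Cookie or Authorization request header as "authenticated" is an assumption.

```python
# Added example: flag authenticated REST responses that lack no-cache headers.
AUTH_REQUEST_HEADERS = {"cookie", "authorization"}  # assumption: how auth is carried
BLOCKING = {"no-store", "no-cache", "private"}

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument or None}."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or None
    return out

def forbids_cached_reuse(response_headers):
    """True if the response explicitly tells caches not to reuse it."""
    headers = {k.lower(): v for k, v in response_headers.items()}
    cc = parse_cache_control(headers.get("cache-control", ""))
    if cc.keys() & BLOCKING:
        return True
    # A zero lifetime also forces revalidation; s-maxage wins for shared caches.
    lifetime = cc.get("s-maxage", cc.get("max-age"))
    return lifetime == "0"

def audit(exchanges):
    """Return URLs whose request carried credentials but whose response is reusable."""
    findings = []
    for ex in exchanges:
        authed = AUTH_REQUEST_HEADERS & {k.lower() for k in ex["request"]}
        if authed and not forbids_cached_reuse(ex["response"]):
            findings.append(ex["url"])
    return findings

# Constructed sample data (hypothetical host, routes and credentials).
SAMPLE = [
    {"url": "https://example.test/wp-json/example/v1/me",
     "request": {"Cookie": "wordpress_logged_in_EXAMPLE=constructed"},
     "response": {"Cache-Control": "max-age=300"}},
    {"url": "https://example.test/wp-json/example/v1/settings",
     "request": {"Cookie": "wordpress_logged_in_EXAMPLE=constructed"},
     "response": {"Expires": "Wed, 11 Jan 1984 05:00:00 GMT",
                  "Cache-Control": "no-cache, must-revalidate, max-age=0"}},
    {"url": "https://example.test/wp-json/example/v1/public",
     "request": {"Accept": "application/json"},
     "response": {"Cache-Control": "max-age=300"}},
    {"url": "https://example.test/wp-json/example/v1/token",
     "request": {"Authorization": "Basic CONSTRUCTED"},
     "response": {"Content-Type": "application/json"}},
]

if __name__ == "__main__":
    for url in audit(SAMPLE):
        print("cacheable authenticated response:", url)
```

The check is deliberately conservative: a credentialed response with no Cache-Control header at all is reported, since nothing in it stops an intermediary from storing it.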
