Opened 10 years ago
Closed 10 years ago
#34832 closed defect (bug) (fixed)
REST API does not send nocache headers on authenticated requests
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 4.4 | Priority: | normal |
| Severity: | normal | Version: | 4.4 |
| Component: | REST API | Keywords: | has-unit-tests has-patch commit |
| Focuses: | Cc: |
Description
Core typically sends nocache headers on all auth'ed responses, as in wp, admin-ajax, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves.
I'd recommend we get this fix in 4.4 given the implications.
Attachments (2)
Change History (13)
#1
@
10 years ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to 4.4
- Owner set to rmccue
- Status changed from new to accepted
#3
@
10 years ago
@markjaquith the criterium is is_user_logged_in(). I think we'll need to add it directly, but can pass it through a filter to allow overriding (and also sending no-cache headers on un'authed requests if the developer wanted to). Patch incoming.
This ticket was mentioned in Slack in #core by joehoyle. View the logs.
10 years ago
This ticket was mentioned in Slack in #core by wonderboymusic. View the logs.
10 years ago
Note: See
TracTickets for help on using
tickets.
What are the criteria? Should it be done via a hook, so it can be unhooked?