Opened 9 years ago
Closed 9 years ago
#34832 closed defect (bug) (fixed)
REST API does not send nocache headers on authenticated requests
Reported by: | joehoyle | Owned by: | rmccue |
---|---|---|---|
Milestone: | 4.4 | Priority: | normal |
Severity: | normal | Version: | 4.4 |
Component: | REST API | Keywords: | has-unit-tests has-patch commit |
Focuses: | Cc: |
Description
Core typically sends nocache headers on all auth'ed responses, as in wp
, admin-ajax
, etc. Because the REST API infrastructure is hooked in pre-wp
, we should be setting this ourselves.
I'd recommend we get this fix in 4.4 given the implications.
Attachments (2)
Change History (13)
#1
@
9 years ago
- Keywords needs-patch added
- Milestone changed from Awaiting Review to 4.4
- Owner set to rmccue
- Status changed from new to accepted
#3
@
9 years ago
@markjaquith the criterium is is_user_logged_in()
. I think we'll need to add it directly, but can pass it through a filter to allow overriding (and also sending no-cache headers on un'authed requests if the developer wanted to). Patch incoming.
This ticket was mentioned in Slack in #core by joehoyle. View the logs.
9 years ago
This ticket was mentioned in Slack in #core by wonderboymusic. View the logs.
9 years ago
Note: See
TracTickets for help on using
tickets.
What are the criteria? Should it be done via a hook, so it can be unhooked?