WordPress.org

Make WordPress Core

Changes between Initial Version and Version 1 of Ticket #35662, comment 9


Ignore:
Timestamp:
02/24/2016 01:05:49 AM (4 years ago)
Author:
azaozz
Comment:

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #35662, comment 9

    initial v1  
    33- Currently the nonces code block is before the REST API enabled check so it will return a nonce even when the API is disabled. This doesn't seem right?
    44- Generating a nonce on every request (which will be the same for 12 hours) seems redundant. Perhaps it is better when a client looks for the presence of a new nonce and replaces the current one? As mentioned in the Slack chat, maybe add new nonce only when `wp_verify_nonce()` returns 2.
    5 - Consider separating the filter parameters: `$nonce_is_valid` and `user_logged_in` and maybe drop `$user_and_nonce`. Plugins don't need to check again why $user_and_nonce is false.
     5- Consider separating the filter parameters: `$nonce_is_valid` and `user_logged_in`. Plugins don't need to check again why `$user_and_nonce` is false.