Changes between Initial Version and Version 1 of Ticket #35662, comment 9
- Timestamp:
- 02/24/2016 01:05:49 AM (8 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #35662, comment 9
initial v1 3 3 - Currently the nonces code block is before the REST API enabled check so it will return a nonce even when the API is disabled. This doesn't seem right? 4 4 - Generating a nonce on every request (which will be the same for 12 hours) seems redundant. Perhaps it is better when a client looks for the presence of a new nonce and replaces the current one? As mentioned in the Slack chat, maybe add new nonce only when `wp_verify_nonce()` returns 2. 5 - Consider separating the filter parameters: `$nonce_is_valid` and `user_logged_in` and maybe drop `$user_and_nonce`. Plugins don't need to check again why $user_and_nonceis false.5 - Consider separating the filter parameters: `$nonce_is_valid` and `user_logged_in`. Plugins don't need to check again why `$user_and_nonce` is false.