Changes between Initial Version and Version 1 of Ticket #36785, comment 4
- Timestamp:
- 05/12/2016 07:14:37 AM (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Ticket #36785, comment 4
initial v1 1 1 I see no reason why the auth cookies should be made available in this manner, it's just adding the ability for a developer to shoot themselves in the foot with a vulnerability. 2 2 3 If JS needs to know the logged in user, it should use it's own cookie which is set through `wp_localize_script()` or similar, making available the full auth cookie is just asking for a bad time.3 If JS needs to know the logged in user, it should use it's own cookie or variable which is set through `wp_localize_script()` or similar, making available the full auth cookie is just asking for a bad time.