REST API JavaScript Client: refresh nonce when a new nonce is available

[adamsilverstein]

Since [37905] the REST API returns a fresh wp_rest nonce in the headers of (authenticated) requests. The JavaScript client uses nonces for (cookie based) authenticated requests and should keep its internal nonce up to date with the returned nonce. This will be especially useful for long-running JavaScript applications that need to make authenticated requests.

[adamsilverstein]

In 40422.diff​ :

• Track nonce at the endpoint level.
• Update nonce when a new nonce is returned.

[rmccue]

This is useful if you're sending API endpoint requests constantly, but not if you just leave the tab open in the background, which still needs heartbeat.

(Also, your patch still has a console.log call in it. :) )

[adamsilverstein]

in 40422.2.diff​ removed the console log.

[adamsilverstein]

Replying to rmccue:

This is useful if you're sending API endpoint requests constantly, but not if you just leave the tab open in the background, which still needs heartbeat.

Right, it is up the developer to decide to poll the API, this just picks up the refreshed nonce if available.

(Also, your patch still has a console.log call in it. :) )

removed :)

[adamsilverstein]

Related: #37569.

[adamsilverstein]

This should be good to go early in 4.9, could use some additional testing for validation.

[adamsilverstein]

In 41553:

REST API JS Client: Improve nonce handling, refresh stale nonce on sync.

Keep the nonce used for cookie based authentication fresh by pulling in and using any new nonce supplied in the response headers.

• Enable passing nonce to init so each api/endpoint can use a unique nonce.
• Store nonce for endpoint on endpointModel.
• New model helper nonce() retrieves a model's routeModel nonce.
• When a response header contains a nonce that doesn't match the stored nonce, replace it.

Fixes #40422.