Make WordPress Core

Opened 6 years ago

Last modified 4 years ago

#42970 new enhancement

Add a 'rest_nonce_action' filter to the REST API

Reported by: enlightenedpie's profile enlightenedpie Owned by:
Milestone: Awaiting Review Priority: normal
Severity: normal Version:
Component: REST API Keywords: has-patch close
Focuses: rest-api Cc:


In the spirit of fully customizing the REST API, as I'm doing in my current application, some features (like the REST prefix) are customizable through filters, while the nonce name, or rather the rest nonce 'action', is not. 'wp_rest' is a bit generic and could easily have a 'rest_nonce_name' or 'rest_nonce_action' filter added in wp-includes/rest-api.php.

I believe in this regard that allowing alignment with user-defined namespaces and naming conventions would really further the extensibility of the WP REST API, especially in cases where pretty much every default (including default endpoints) are being disabled or overridden/overwritten. Thoughts?

Attachments (3)

rest-api.php (37.9 KB) - added by enlightenedpie 6 years ago.
Proposed change to rest-api.php (starts at line 780)
rest-api.diff (994 bytes) - added by enlightenedpie 6 years ago.
rest-api.php patch
rest-api.2.diff (986 bytes) - added by enlightenedpie 6 years ago.
rest-api.php patch

Download all attachments as: .zip

Change History (9)

6 years ago

Proposed change to rest-api.php (starts at line 780)

#1 @schlessera
6 years ago

Welcome aboard, @enlightenedpie , and thanks for the ticket!

To suggest code changes, you should upload them in the form of a patch, not the entire source file that you modified.

You can find more information about patches here:

Also, feel free to stop by in the #core channel on the Slack team if you have questions about the process.

6 years ago

rest-api.php patch

#2 @enlightenedpie
6 years ago

  • Keywords has-patch added

@schlessera Thank you for the heads up! Obvs my first time contributing. Patch submitted.

#3 @schlessera
6 years ago

@enlightenedpie No worries, we all start at some point.

There's something wonky with the alignment of your docblock (click on the patch name to see it). You should make sure you use tabs & spaces correctly. If you change the patch, you can just re-upload it and overwrite the previous version.

6 years ago

rest-api.php patch

#4 @enlightenedpie
6 years ago

@schlessera Thank you, doc block fixed. Although, when I uploaded the new patch I didn't see a way to replace the old one.

#5 @pento
5 years ago

  • Version trunk deleted

#6 @TimothyBlynJacobs
4 years ago

  • Keywords close added

I wonder how practical using this filter would be. If a site changed the REST API action with that filter, all the plugins that were creating a wp_rest nonce to call the REST API would no longer work. As such, the practicality here seems quite small and would probably be better served by a custom authentication filter. Because of that I think it may make sense to close the ticket, conditionally adding a close keyword.

Note: See TracTickets for help on using tickets.