Make WordPress Core

Opened 3 years ago

Last modified 14 hours ago

#43605 reopened enhancement

Add HTTP/1.0 emulation to apiRequest()

Reported by: pento Owned by: earnjam
Milestone: 5.6 Priority: normal
Severity: normal Version:
Component: REST API Keywords:
Focuses: rest-api Cc:


HTTP/1.1 is nice, but the verbs are fairly strictly filtered by a bunch of web application firewalls.

For wider compatibility, we should default to HTTP/1.0, making use of the X-HTTP-Method-Override header.

See https://github.com/WordPress/gutenberg/pull/5741 for an example shim, and examples of broken sites.

Change History (8)

#1 @pento
2 years ago

It looks like modsec has some interesting rules that block form encoded strings, but don't block JSON encoded strings. So, we should send things as JSON.

See: https://github.com/WordPress/gutenberg/pull/5971

#2 @danielbachhuber
2 years ago

When someone puts a patch together for this, it'd be great to have manual testing instructions (because I'm assuming it's not possible to test this in an automated way).

This ticket was mentioned in Slack in #core-restapi by earnjam. View the logs.

2 years ago

#4 @danielbachhuber
2 years ago

  • Owner set to earnjam
  • Status changed from new to assigned

Assigning to @earnjam per today's #core-restapi Slack chat.

#5 @earnjam
2 years ago

It looks like the shim got replaced with the @wordpress/api-fetch package and has the HTTP/1.0 emulation covered as far as Gutenberg is concerned. (see api-fetch/src/middlewares/http-v1.js)

Do we still want to add this to wp.apiRequest() for 5.0? Doesn't seem like Gutenberg needs it anymore.

#6 @danielbachhuber
2 years ago

  • Keywords needs-patch removed
  • Milestone 5.0 deleted
  • Resolution set to maybelater
  • Status changed from assigned to closed

Good find, @earnjam. The shim was removed from Gutenberg in June: https://github.com/WordPress/gutenberg/commit/8ec748a6b8bdef99afd74d7546254fb6e07eb463#diff-6ff32417da0658502e7caa1a1abbeae6L72

I don't see it necessary to add HTTP/1.0 emulation to wp.apiRequest() for 5.0.

This ticket was mentioned in Slack in #core-js by swissspidy. View the logs.

6 months ago

#8 @TimothyBlynJacobs
14 hours ago

  • Milestone set to 5.6
  • Resolution maybelater deleted
  • Status changed from closed to reopened

This is still necessary if people want to use the smaller wp.apiRequest library properly.

Note: See TracTickets for help on using tickets.