WordPress.org

Make WordPress Core

Opened 3 years ago

Closed 3 months ago

Last modified 3 months ago

#43605 closed enhancement (fixed)

Add HTTP/1.0 emulation to apiRequest()

Reported by: pento Owned by: TimothyBlynJacobs
Milestone: 5.6 Priority: normal
Severity: normal Version:
Component: REST API Keywords: good-first-bug has-patch
Focuses: rest-api Cc:

Description

HTTP/1.1 is nice, but the verbs are fairly strictly filtered by a bunch of web application firewalls.

For wider compatibility, we should default to HTTP/1.0, making use of the X-HTTP-Method-Override header.

See https://github.com/WordPress/gutenberg/pull/5741 for an example shim, and examples of broken sites.

Change History (14)

#1 @pento
3 years ago

It looks like modsec has some interesting rules that block form encoded strings, but don't block JSON encoded strings. So, we should send things as JSON.

See: https://github.com/WordPress/gutenberg/pull/5971

#2 @danielbachhuber
2 years ago

When someone puts a patch together for this, it'd be great to have manual testing instructions (because I'm assuming it's not possible to test this in an automated way).

This ticket was mentioned in Slack in #core-restapi by earnjam. View the logs.


2 years ago

#4 @danielbachhuber
2 years ago

  • Owner set to earnjam
  • Status changed from new to assigned

Assigning to @earnjam per today's #core-restapi Slack chat.

#5 @earnjam
2 years ago

It looks like the shim got replaced with the @wordpress/api-fetch package and has the HTTP/1.0 emulation covered as far as Gutenberg is concerned. (see api-fetch/src/middlewares/http-v1.js)

Do we still want to add this to wp.apiRequest() for 5.0? Doesn't seem like Gutenberg needs it anymore.

#6 @danielbachhuber
2 years ago

  • Keywords needs-patch removed
  • Milestone 5.0 deleted
  • Resolution set to maybelater
  • Status changed from assigned to closed

Good find, @earnjam. The shim was removed from Gutenberg in June: https://github.com/WordPress/gutenberg/commit/8ec748a6b8bdef99afd74d7546254fb6e07eb463#diff-6ff32417da0658502e7caa1a1abbeae6L72

I don't see it necessary to add HTTP/1.0 emulation to wp.apiRequest() for 5.0.

This ticket was mentioned in Slack in #core-js by swissspidy. View the logs.


10 months ago

#8 @TimothyBlynJacobs
4 months ago

  • Milestone set to 5.6
  • Resolution maybelater deleted
  • Status changed from closed to reopened

This is still necessary if people want to use the smaller wp.apiRequest library properly.

#9 @TimothyBlynJacobs
4 months ago

@earnjam are you still interested in working on this ticket now that it is back open?

#10 @earnjam
4 months ago

  • Owner earnjam deleted
  • Status changed from reopened to assigned

I don't think I can commit to it for 5.6. I'll circle back around if I have some time and it is still open.

#11 @TimothyBlynJacobs
4 months ago

  • Keywords good-first-bug added

Ok, thanks @earnjam!

Adding the good-first-bug keyword.

The fix here is if the passed method is POST, PUT, or DELETE to pass that in the X-HTTP-Method-Override header. We then change the method to POST.

https://github.com/WordPress/wordpress-develop/blob/150d9bd17e99857cf24fa6f0139b2e76ba6761ad/src/js/_enqueues/wp/api-request.js#L57

This ticket was mentioned in PR #580 on WordPress/wordpress-develop by yakimun.


4 months ago

  • Keywords has-patch added

Added overriding of the PUT and DELETE methods with the POST method in wp.apiRequest library.

Trac ticket: https://core.trac.wordpress.org/ticket/43605

#13 @TimothyBlynJacobs
3 months ago

  • Owner set to TimothyBlynJacobs
  • Resolution set to fixed
  • Status changed from assigned to closed

In 49133:

REST API: Add HTTP/1.0 emulation to wp.apiRequest().

This allows for making REST API calls with the PUT and DELETE HTTP methods that may be blocked or unsupported by some server configurations.

Props yakimun.
Fixes #43605.

#14 @prbot
3 months ago

TimothyBJacobs commented on PR #580:

Merged in 9f502ab.

Thanks for the patch @yakimun!

Note: See TracTickets for help on using tickets.