Make WordPress Core

Opened 5 years ago

Closed 5 years ago

#48076 closed defect (bug) (fixed)

Gutenberg 6.5: Add Nonce Endpoint

Reported by: iseulde's profile iseulde Owned by: iseulde's profile iseulde
Milestone: 5.3 Priority: normal
Severity: normal Version: 5.3
Component: Editor Keywords: has-patch
Focuses: Cc:

Description

This is a follow up to #47843.
See https://core.trac.wordpress.org/ticket/47843#comment:29.

I added the action that was added for the plugin in https://github.com/WordPress/gutenberg/pull/16683.

This can be tested by adding lowering the nonce life to 5 seconds. Load the page, then wait 5 seconds and try to update or publish a post.

<?php

add_filter( 'nonce_life', function() {
        return 5;
} );

Attachments (2)

nonce-1.diff (2.1 KB) - added by iseulde 5 years ago.
Screenshot 2019-09-19 at 20.55.09.png (64.4 KB) - added by iseulde 5 years ago.

Download all attachments as: .zip

Change History (5)

@iseulde
5 years ago

#1 @iseulde
5 years ago

When testing, it is good to look at the network requests. Whenever the nonce expires, the REST API will return 403. A new nonce will be requested with the new action, and the original request will be remade.

#3 @iseulde
5 years ago

  • Owner set to iseulde
  • Resolution set to fixed
  • Status changed from new to closed

In 46253:

Editor: Add Nonce Endpoint

This is a follow up to #47843, implementing a PHP endpoint and inline scripts
after the editor package updates. The action was originally added in
https://github.com/WordPress/gutenberg/pull/16683.

Fixes #48076.

Note: See TracTickets for help on using tickets.