WordPress.org

Make WordPress Core

Opened 5 months ago

Closed 5 months ago

Last modified 4 months ago

#50305 closed defect (bug) (fixed)

Heartbeat/auth-check interval consistency (wp_auth_check_interval does not have the stated effect)

Reported by: dsixinetu Owned by: whyisjake
Milestone: 5.5 Priority: normal
Severity: normal Version: 5.5
Component: Administration Keywords: has-patch
Focuses: javascript, administration Cc:

Description

TL;DR: wp_auth_check_interval currently has no effect and should be fixed or deprecated/removed.

History

Originally, the auth_check code run when a heartbeat was received checked for 'wp-auth-check' in the heartbeat data. This value was added to the heartbeat request based on some scheduling in auth-check.js, with wp_auth_check_interval providing a filter to control the timing. Note that this timing is independent of the scheduling of the heartbeat itself.

  • [24738] stopped checking for this value as a part of other changes to auth-check
  • [27153] changed auth_check to run on heartbeat_send rather than heartbeat_received, so the heartbeat data was not available and the data argument was removed in [27154]

Current State

wp_auth_check_interval and the timing code in auth-check.js still control the timing of when the 'wp-auth-check' data is added to the heartbeat request, but nothing on the server side is checking for this value and the 'wp-auth-check' data is included in the heartbeat response every time.

Based on #27081, it seems that we want auth_check to run on every heartbeat as it now does. Assuming that this is correct, the 'wp-auth-check' request data, timing code, and the filter wp_auth_check_interval are no longer required and have been non-functional since 2014.

Proposed Changes

  • Remove timing code in auth-check.js
  • Remove wp_auth_check_interval filter (can we skip deprecating it since it has not worked for the past 6 years?)
  • Recommend controlling heartbeat interval rather than auth-check:
    • Through the 'interval' setting with the heartbeat_settings filter
    • Through the 'heartbeat_interval' value in heartbeat response

Change History (7)

This ticket was mentioned in Slack in #core-js by dsix. View the logs.


5 months ago

#2 @adamsilverstein
5 months ago

@azaozz would be great to have your review of the proposed changes here.

#3 @azaozz
5 months ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to 5.5

@dsixinetu welcome to Trac and thanks for the ticket :)

  • Remove timing code in auth-check.js
  • Remove wp_auth_check_interval filter (can we skip deprecating it since it has not worked for the past 6 years?)

Sounds good. Yes, no need to deprecate the filter imho.

Looks like a patch should remove all uses of schedule() from auth-check.js, and the filter from script-loader.php.

This ticket was mentioned in PR #331 on WordPress/wordpress-develop by dsix-work.


5 months ago

  • Keywords has-patch added; needs-patch removed

As of [27153], wp-auth-check is returned on all heartbeats without the need for data from client-side. This also means that the timing and scheduling of this request data is ineffectual.

Trac ticket: https://core.trac.wordpress.org/ticket/50305

#5 @whyisjake
5 months ago

  • Owner set to whyisjake
  • Status changed from new to accepted

#6 @whyisjake
5 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 48056:

Administration: Remove wp-auth-check from the Heartbeat API.

As of [27153], wp-auth-check is returned on all heartbeats without the need for data from client-side. This also means that the timing and scheduling of this request data is ineffectual.

Fixes #50305.

Props dsixinetu, azaozz, whyisjake.

#7 @prbot
4 months ago

johnbillion commented on PR #331:

Merged, thank you.

Note: See TracTickets for help on using tickets.