REST API: Include a refreshed nonce in a `X-WP-Nonce` header when responding to an authenticated request.
Props adamsilverstein, welcher, markjaquith, aidvu. Fixes #35662. Built from https://develop.svn.wordpress.org/trunk@37905 git-svn-id: http://core.svn.wordpress.org/trunk@37846 1a063a9b-81f0-0310-95a4-ce76da25c4cd
parent
b8faa92421
commit
41369b1ced
|
@ -548,10 +548,12 @@ function rest_output_link_header() {
|
||||||
*
|
*
|
||||||
* @since 4.4.0
|
* @since 4.4.0
|
||||||
*
|
*
|
||||||
* @global mixed $wp_rest_auth_cookie
|
* @global mixed $wp_rest_auth_cookie
|
||||||
|
* @global WP_REST_Server $wp_rest_server REST server instance.
|
||||||
*
|
*
|
||||||
* @param WP_Error|mixed $result Error from another authentication handler, null if we should handle it,
|
* @param WP_Error|mixed $result Error from another authentication handler,
|
||||||
* or another value if not.
|
* null if we should handle it, or another value
|
||||||
|
* if not.
|
||||||
* @return WP_Error|mixed|bool WP_Error if the cookie is invalid, the $result, otherwise true.
|
* @return WP_Error|mixed|bool WP_Error if the cookie is invalid, the $result, otherwise true.
|
||||||
*/
|
*/
|
||||||
function rest_cookie_check_errors( $result ) {
|
function rest_cookie_check_errors( $result ) {
|
||||||
|
@ -559,7 +561,7 @@ function rest_cookie_check_errors( $result ) {
|
||||||
return $result;
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
global $wp_rest_auth_cookie;
|
global $wp_rest_auth_cookie, $wp_rest_server;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Is cookie authentication being used? (If we get an auth
|
* Is cookie authentication being used? (If we get an auth
|
||||||
|
@ -592,6 +594,9 @@ function rest_cookie_check_errors( $result ) {
|
||||||
return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) );
|
return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Send a refreshed nonce in header.
|
||||||
|
$wp_rest_server->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
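Review bot: The added `$wp_rest_server->send_header( ... )` call near the end of rest_cookie_check_errors() dereferences the global without checking that it holds a server instance. If this authentication callback ever runs before the global is assigned (the page does not show where that happens), the request would end in a fatal error instead of an auth result. I would guard it: `if ( $wp_rest_server instanceof WP_REST_Server ) { $wp_rest_server->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) ); }`. Placing the call after the invalid-nonce return is right, since only a caller that already presented a valid nonce receives the refreshed one; a comment such as `// Keep below the nonce check: this header is user-specific and must not be stored by shared caches.` would stop it being reordered later. The part of the function body between the second and third hunks is not visible here.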
|
@ -4,7 +4,7 @@
|
||||||
*
|
*
|
||||||
* @global string $wp_version
|
* @global string $wp_version
|
||||||
*/
|
*/
|
||||||
$wp_version = '4.6-alpha-37904';
|
$wp_version = '4.6-alpha-37905';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
|
||||||
|
|