From 9cf4ee65a79e7399b1aa568fe5f4d3e239c04379 Mon Sep 17 00:00:00 2001 From: aduth Date: Wed, 20 Mar 2019 20:53:50 +0000 Subject: [PATCH] Scripts: Assign api-fetch nonce with corrected rest_nonce. As of `@wordpress/api-fetch@3.0.0` (introduced in 44812), the `apiFetch` nonce middleware must have its nonce value assigned explicitly, and will no longer listen for heartbeat ticks automatically. This changeset adds an inline script for the default registration of the `api-fetch` script handle to assign the nonce value in response to the heartbeat action. In doing so, it removes the now-unused, misnamed `rest-nonce` property from the heartbeat response, whose original introduction served as temporary compatibility with earlier versions of `@wordpress/api-fetch`. See https://github.com/WordPress/gutenberg/pull/13451 See #45113 Props adamsilverstein, nerrad . Fixes #46107 . Built from https://develop.svn.wordpress.org/trunk@44949 git-svn-id: http://core.svn.wordpress.org/trunk@44780 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-admin/includes/misc.php | 2 -- wp-includes/script-loader.php | 22 +++++++++++++++++++++- wp-includes/version.php | 2 +- 3 files changed, 22 insertions(+), 4 deletions(-) diff --git a/wp-admin/includes/misc.php b/wp-admin/includes/misc.php index c580c25c92..4648efc4af 100644 --- a/wp-admin/includes/misc.php +++ b/wp-admin/includes/misc.php @@ -1082,8 +1082,6 @@ function wp_refresh_post_nonces( $response, $data, $screen_id ) { function wp_refresh_heartbeat_nonces( $response ) { // Refresh the Rest API nonce. $response['rest_nonce'] = wp_create_nonce( 'wp_rest' ); - // TEMPORARY: Compat with api-fetch library - $response['rest-nonce'] = $response['rest_nonce']; // Refresh the Heartbeat nonce. $response['heartbeat_nonce'] = wp_create_nonce( 'heartbeat-nonce' ); diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php index af65319791..3aee09ad6a 100644 --- a/wp-includes/script-loader.php +++ b/wp-includes/script-loader.php @@ -521,10 +521,30 @@ function wp_default_packages_scripts( &$scripts ) { function wp_default_packages_inline_scripts( &$scripts ) { global $wp_locale; + if ( isset( $scripts->registered['wp-api-fetch'] ) ) { + $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; + } $scripts->add_inline_script( 'wp-api-fetch', sprintf( - 'wp.apiFetch.use( wp.apiFetch.createNonceMiddleware( "%s" ) );', + implode( + "\n", + array( + '( function() {', + ' var nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', + ' wp.apiFetch.use( nonceMiddleware );', + ' wp.hooks.addAction(', + ' "heartbeat.tick",', + ' "core/api-fetch/create-nonce-middleware",', + ' function( response ) {', + ' if ( response[ "rest_nonce" ] ) {', + ' nonceMiddleware.nonce = response[ "rest_nonce" ];', + ' }', + ' }', + ' );', + '} )();', + ) + ), ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ) ), 'after' diff --git a/wp-includes/version.php b/wp-includes/version.php index fae66964e9..bb3eae19e5 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -13,7 +13,7 @@ * * @global string $wp_version */ -$wp_version = '5.2-alpha-44948'; +$wp_version = '5.2-alpha-44949'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.