REST API: Allow overriding `jQuery.ajax` calls from within wp-admin

There are now 3 places where we call out to the REST API from within wp-admin.  This commit introduces a small library to allow overriding these calls, centralize nonce-passing logic, and eliminate the need to pass a full REST URL down to client code (this last feature is not yet used and will be explored in a separate ticket).

Fixes #40919.

Built from https://develop.svn.wordpress.org/trunk@41206


git-svn-id: http://core.svn.wordpress.org/trunk@41046 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
James Nylen 2017-08-02 16:45:44 +00:00
parent a193916f46
commit c91b130b53
11 changed files with 110 additions and 23 deletions

View File

@ -110,13 +110,12 @@
control.fetchEmbedDfd.abort(); control.fetchEmbedDfd.abort();
} }
control.fetchEmbedDfd = jQuery.ajax({ control.fetchEmbedDfd = wp.apiRequest({
url: wp.media.view.settings.oEmbedProxyUrl, url: wp.media.view.settings.oEmbedProxyUrl,
data: { data: {
url: control.model.get( 'url' ), url: control.model.get( 'url' ),
maxwidth: control.model.get( 'width' ), maxwidth: control.model.get( 'width' ),
maxheight: control.model.get( 'height' ), maxheight: control.model.get( 'height' ),
_wpnonce: wp.media.view.settings.nonce.wpRestApi,
discover: false discover: false
}, },
type: 'GET', type: 'GET',

View File

@ -1 +1 @@
!function(a){"use strict";var b,c,d;d=wp.media.view.MediaFrame.VideoDetails.extend({createStates:function(){this.states.add([new wp.media.controller.VideoDetails({media:this.media}),new wp.media.controller.MediaLibrary({type:"video",id:"add-video-source",title:wp.media.view.l10n.videoAddSourceTitle,toolbar:"add-video-source",media:this.media,menu:!1}),new wp.media.controller.MediaLibrary({type:"text",id:"add-track",title:wp.media.view.l10n.videoAddTrackTitle,toolbar:"add-track",media:this.media,menu:"video-details"})])}}),b=a.MediaWidgetModel.extend({}),c=a.MediaWidgetControl.extend({showDisplaySettings:!1,oembedResponses:{},mapModelToMediaFrameProps:function(b){var c,d=this;return c=a.MediaWidgetControl.prototype.mapModelToMediaFrameProps.call(d,b),c.link="embed",c},fetchEmbed:function(){var a,b=this;a=b.model.get("url"),b.oembedResponses[a]||(b.fetchEmbedDfd&&"pending"===b.fetchEmbedDfd.state()&&b.fetchEmbedDfd.abort(),b.fetchEmbedDfd=jQuery.ajax({url:wp.media.view.settings.oEmbedProxyUrl,data:{url:b.model.get("url"),maxwidth:b.model.get("width"),maxheight:b.model.get("height"),_wpnonce:wp.media.view.settings.nonce.wpRestApi,discover:!1},type:"GET",dataType:"json",context:b}),b.fetchEmbedDfd.done(function(c){b.oembedResponses[a]=c,b.renderPreview()}),b.fetchEmbedDfd.fail(function(){b.oembedResponses[a]=null}))},isHostedVideo:function(a){var b=document.createElement("a");return b.href=a,/vimeo|youtu\.?be/.test(b.host)},renderPreview:function(){var a,b,c,d,e,f,g,h=this,i=!1;c=h.model.get("attachment_id"),d=h.model.get("url"),g=h.model.get("error"),(c||d)&&(!c&&d&&(i=h.isHostedVideo(d)),i&&(h.fetchEmbed(),e=h.oembedResponses[d]?h.oembedResponses[d].thumbnail_url:null),f=h.selectedAttachment.get("mime"),f&&c&&(_.contains(_.values(wp.media.view.settings.embedMimes),f)||(g="unsupported_file_type")),a=h.$el.find(".media-widget-preview"),b=wp.template("wp-media-widget-video-preview"),a.html(b({model:{attachment_id:h.model.get("attachment_id"),src:d,poster:e},is_hosted_embed:i,error:g})),wp.mediaelement.initialize())},editMedia:function(){var a,b,c,e=this;b=e.mapModelToMediaFrameProps(e.model.toJSON()),a=new d({frame:"video",state:"video-details",metadata:b}),wp.media.frame=a,a.$el.addClass("media-widget"),c=function(a){e.selectedAttachment.set(a),e.model.set(_.extend(_.omit(e.model.defaults(),"title"),e.mapMediaToModelProps(a),{error:!1}))},a.state("video-details").on("update",c),a.state("replace-video").on("replace",c),a.on("close",function(){a.detach()}),a.open()}}),a.controlConstructors.media_video=c,a.modelConstructors.media_video=b}(wp.mediaWidgets); !function(a){"use strict";var b,c,d;d=wp.media.view.MediaFrame.VideoDetails.extend({createStates:function(){this.states.add([new wp.media.controller.VideoDetails({media:this.media}),new wp.media.controller.MediaLibrary({type:"video",id:"add-video-source",title:wp.media.view.l10n.videoAddSourceTitle,toolbar:"add-video-source",media:this.media,menu:!1}),new wp.media.controller.MediaLibrary({type:"text",id:"add-track",title:wp.media.view.l10n.videoAddTrackTitle,toolbar:"add-track",media:this.media,menu:"video-details"})])}}),b=a.MediaWidgetModel.extend({}),c=a.MediaWidgetControl.extend({showDisplaySettings:!1,oembedResponses:{},mapModelToMediaFrameProps:function(b){var c,d=this;return c=a.MediaWidgetControl.prototype.mapModelToMediaFrameProps.call(d,b),c.link="embed",c},fetchEmbed:function(){var a,b=this;a=b.model.get("url"),b.oembedResponses[a]||(b.fetchEmbedDfd&&"pending"===b.fetchEmbedDfd.state()&&b.fetchEmbedDfd.abort(),b.fetchEmbedDfd=wp.apiRequest({url:wp.media.view.settings.oEmbedProxyUrl,data:{url:b.model.get("url"),maxwidth:b.model.get("width"),maxheight:b.model.get("height"),discover:!1},type:"GET",dataType:"json",context:b}),b.fetchEmbedDfd.done(function(c){b.oembedResponses[a]=c,b.renderPreview()}),b.fetchEmbedDfd.fail(function(){b.oembedResponses[a]=null}))},isHostedVideo:function(a){var b=document.createElement("a");return b.href=a,/vimeo|youtu\.?be/.test(b.host)},renderPreview:function(){var a,b,c,d,e,f,g,h=this,i=!1;c=h.model.get("attachment_id"),d=h.model.get("url"),g=h.model.get("error"),(c||d)&&(!c&&d&&(i=h.isHostedVideo(d)),i&&(h.fetchEmbed(),e=h.oembedResponses[d]?h.oembedResponses[d].thumbnail_url:null),f=h.selectedAttachment.get("mime"),f&&c&&(_.contains(_.values(wp.media.view.settings.embedMimes),f)||(g="unsupported_file_type")),a=h.$el.find(".media-widget-preview"),b=wp.template("wp-media-widget-video-preview"),a.html(b({model:{attachment_id:h.model.get("attachment_id"),src:d,poster:e},is_hosted_embed:i,error:g})),wp.mediaelement.initialize())},editMedia:function(){var a,b,c,e=this;b=e.mapModelToMediaFrameProps(e.model.toJSON()),a=new d({frame:"video",state:"video-details",metadata:b}),wp.media.frame=a,a.$el.addClass("media-widget"),c=function(a){e.selectedAttachment.set(a),e.model.set(_.extend(_.omit(e.model.defaults(),"title"),e.mapMediaToModelProps(a),{error:!1}))},a.state("video-details").on("update",c),a.state("replace-video").on("replace",c),a.on("close",function(){a.detach()}),a.open()}}),a.controlConstructors.media_video=c,a.modelConstructors.media_video=b}(wp.mediaWidgets);

View File

@ -200,13 +200,12 @@ wp.mediaWidgets = ( function( $ ) {
embedLinkView.model.attributes.url = url; embedLinkView.model.attributes.url = url;
} }
embedLinkView.dfd = $.ajax({ embedLinkView.dfd = wp.apiRequest({
url: wp.media.view.settings.oEmbedProxyUrl, url: wp.media.view.settings.oEmbedProxyUrl,
data: { data: {
url: url, url: url,
maxwidth: embedLinkView.model.get( 'width' ), maxwidth: embedLinkView.model.get( 'width' ),
maxheight: embedLinkView.model.get( 'height' ), maxheight: embedLinkView.model.get( 'height' ),
_wpnonce: wp.media.view.settings.nonce.wpRestApi,
discover: false discover: false
}, },
type: 'GET', type: 'GET',

File diff suppressed because one or more lines are too long

View File

@ -0,0 +1,87 @@
/**
* Thin jQuery.ajax wrapper for WP REST API requests.
*
* Currently only applies to requests that do not use the `wp-api.js` Backbone
* client library, though this may change. Serves several purposes:
*
* - Allows overriding these requests as needed by customized WP installations.
* - Sends the REST API nonce as a request header.
* - Allows specifying only an endpoint namespace/path instead of a full URL.
*
* @namespace wp.apiRequest
* @since 4.9.0
*/
( function( $ ) {
var wpApiSettings = window.wpApiSettings;
function apiRequest( options ) {
options = apiRequest.buildAjaxOptions( options );
return apiRequest.transport( options );
};
apiRequest.buildAjaxOptions = function( options ) {
var url = options.url;
var path = options.path;
var namespaceTrimmed, endpointTrimmed;
var headers, addNonceHeader, headerName;
if (
typeof options.namespace === 'string' &&
typeof options.endpoint === 'string'
) {
namespaceTrimmed = options.namespace.replace( /^\/|\/$/g, '' );
endpointTrimmed = options.endpoint.replace( /^\//, '' );
if ( endpointTrimmed ) {
path = namespaceTrimmed + '/' + endpointTrimmed;
} else {
path = namespaceTrimmed;
}
}
if ( typeof path === 'string' ) {
url = wpApiSettings.root + path.replace( /^\//, '' );
}
// If ?_wpnonce=... is present, no need to add a nonce header.
addNonceHeader = ! ( options.data && options.data._wpnonce );
headers = options.headers || {};
// If an 'X-WP-Nonce' header (or any case-insensitive variation
// thereof) was specified, no need to add a nonce header.
if ( addNonceHeader ) {
for ( headerName in headers ) {
if ( headers.hasOwnProperty( headerName ) ) {
if ( headerName.toLowerCase() === 'x-wp-nonce' ) {
addNonceHeader = false;
break;
}
}
}
}
if ( addNonceHeader ) {
// Do not mutate the original headers object, if any.
headers = $.extend( {
'X-WP-Nonce': wpApiSettings.nonce
}, headers );
}
// Do not mutate the original options object.
options = $.extend( {}, options, {
headers: headers,
url: url
} );
delete options.path;
delete options.namespace;
delete options.endpoint;
return options;
};
apiRequest.transport = $.ajax;
window.wp = window.wp || {};
window.wp.apiRequest = apiRequest;
} )( jQuery );

1
wp-includes/js/api-request.min.js vendored Normal file
View File

@ -0,0 +1 @@
!function(a){function b(a){return a=b.buildAjaxOptions(a),b.transport(a)}var c=window.wpApiSettings;b.buildAjaxOptions=function(b){var d,e,f,g,h,i=b.url,j=b.path;if("string"==typeof b.namespace&&"string"==typeof b.endpoint&&(d=b.namespace.replace(/^\/|\/$/g,""),e=b.endpoint.replace(/^\//,""),j=e?d+"/"+e:d),"string"==typeof j&&(i=c.root+j.replace(/^\//,"")),g=!(b.data&&b.data._wpnonce),f=b.headers||{},g)for(h in f)if(f.hasOwnProperty(h)&&"x-wp-nonce"===h.toLowerCase()){g=!1;break}return g&&(f=a.extend({"X-WP-Nonce":c.nonce},f)),b=a.extend({},b,{headers:f,url:i}),delete b.path,delete b.namespace,delete b.endpoint,b},b.transport=a.ajax,window.wp=window.wp||{},window.wp.apiRequest=b}(jQuery);

View File

@ -4642,13 +4642,12 @@ EmbedLink = wp.media.view.Settings.extend({
url = 'https://www.youtube.com/watch?v=' + youTubeEmbedMatch[ 1 ]; url = 'https://www.youtube.com/watch?v=' + youTubeEmbedMatch[ 1 ];
} }
this.dfd = $.ajax({ this.dfd = wp.apiRequest({
url: wp.media.view.settings.oEmbedProxyUrl, url: wp.media.view.settings.oEmbedProxyUrl,
data: { data: {
url: url, url: url,
maxwidth: this.model.get( 'width' ), maxwidth: this.model.get( 'width' ),
maxheight: this.model.get( 'height' ), maxheight: this.model.get( 'height' )
_wpnonce: wp.media.view.settings.nonce.wpRestApi
}, },
type: 'GET', type: 'GET',
dataType: 'json', dataType: 'json',

File diff suppressed because one or more lines are too long

View File

@ -3437,7 +3437,6 @@ function wp_enqueue_media( $args = array() ) {
'captions' => ! apply_filters( 'disable_captions', '' ), 'captions' => ! apply_filters( 'disable_captions', '' ),
'nonce' => array( 'nonce' => array(
'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ), 'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
'wpRestApi' => wp_create_nonce( 'wp_rest' ),
), ),
'post' => array( 'post' => array(
'id' => 0, 'id' => 0,

View File

@ -133,6 +133,14 @@ function wp_default_scripts( &$scripts ) {
'broken' => __('An unidentified error has occurred.') 'broken' => __('An unidentified error has occurred.')
) ); ) );
$scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 );
// `wpApiSettings` is also used by `wp-api`, which depends on this script.
did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array(
'root' => esc_url_raw( get_rest_url() ),
'nonce' => ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ),
'versionString' => 'wp/v2/',
) );
$scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-widget', 'jquery-ui-position' ), '20111129a', 1 ); $scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-widget', 'jquery-ui-position' ), '20111129a', 1 );
did_action( 'init' ) && $scripts->localize( 'wp-pointer', 'wpPointerL10n', array( did_action( 'init' ) && $scripts->localize( 'wp-pointer', 'wpPointerL10n', array(
'dismiss' => __('Dismiss'), 'dismiss' => __('Dismiss'),
@ -566,17 +574,12 @@ function wp_default_scripts( &$scripts ) {
// To enqueue media-views or media-editor, call wp_enqueue_media(). // To enqueue media-views or media-editor, call wp_enqueue_media().
// Both rely on numerous settings, styles, and templates to operate correctly. // Both rely on numerous settings, styles, and templates to operate correctly.
$scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement' ), false, 1 ); $scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request' ), false, 1 );
$scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 ); $scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 );
$scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 ); $scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
$scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 ); $scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
$scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore' ), false, 1 ); $scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 );
did_action( 'init' ) && $scripts->localize( 'wp-api', 'wpApiSettings', array(
'root' => esc_url_raw( get_rest_url() ),
'nonce' => ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ),
'versionString' => 'wp/v2/',
) );
if ( is_admin() ) { if ( is_admin() ) {
$scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 ); $scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 );
@ -669,12 +672,12 @@ function wp_default_scripts( &$scripts ) {
$scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) ); $scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) );
$scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable' ), false, 1 ); $scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable' ), false, 1 );
$scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views' ) ); $scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) );
$scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' ); $scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' );
$scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
$scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) ); $scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) );
$scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) ); $scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) );
$scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) ); $scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) );
$scripts->add_inline_script( 'text-widgets', 'wp.textWidgets.init();', 'after' ); $scripts->add_inline_script( 'text-widgets', 'wp.textWidgets.init();', 'after' );

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.9-alpha-41205'; $wp_version = '4.9-alpha-41206';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.