WordPress/wp-includes/rest-api
James Nylen df5b8dcc82 REST API: Avoid sending blank `Last-Modified` headers with authenticated requests.
This commit adds a new `WP_REST_Server#remove_header` method and uses it to clear the `Last-Modified` header when the "no caching" headers are sent (by default for all authenticated REST API requests).  This matches the behavior of the `nocache_headers` function used in other parts of WordPress.

Previously, the REST API would send an empty `Last-Modified` header in this situation.  Under some server and browser configurations, this causes browsers to cache authenticated REST API requests, which is undesirable.

Props iv3rson76, zinigor, rmccue, jnylen0.
Fixes #40444.

Built from https://develop.svn.wordpress.org/trunk@40805


git-svn-id: http://core.svn.wordpress.org/trunk@40663 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2017-05-19 20:27:44 +00:00
..
endpoints REST API: Improve a few more strings added after the 4.7 string freeze. 2017-05-10 19:41:41 +00:00
fields REST API: Return a `WP_Error` if `meta` property is not an array. 2016-12-02 21:56:42 +00:00
class-wp-rest-request.php REST API: WP_REST_Request::remove_header() should canonicalize header names. 2017-05-07 04:09:41 +00:00
class-wp-rest-response.php DOCS: Replace HTTP links with HTTPS. 2016-06-10 04:50:33 +00:00
class-wp-rest-server.php REST API: Avoid sending blank `Last-Modified` headers with authenticated requests. 2017-05-19 20:27:44 +00:00