REST API JavaScript Client: Support an empty string for nonce to disable sending the X-WP-Nonce header.

Passing a `nonce` argument with an empty string to `wp.api.init()` now does no longer fall back to `wpApiSettings.nonce`. This makes it possible to stop sending nonce headers, for example to a read-only endpoint on another site in a multisite install.

Merge of [42852] to the 4.9 branch.

Props adamsilverstein, FPCSJames, ocean90, swissspidy.
See #42948, #43266.
Built from https://develop.svn.wordpress.org/branches/4.9@42854


git-svn-id: http://core.svn.wordpress.org/branches/4.9@42684 1a063a9b-81f0-0310-95a4-ce76da25c4cd
This commit is contained in:
Dominik Schilling 2018-03-18 20:04:42 +00:00
parent 7faddf9e50
commit 04d41666dc
3 changed files with 6 additions and 5 deletions

View File

@ -848,7 +848,7 @@
model.unset( 'slug' ); model.unset( 'slug' );
} }
if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) { if ( _.isFunction( model.nonce ) && ! _.isEmpty( model.nonce() ) ) {
beforeSend = options.beforeSend; beforeSend = options.beforeSend;
// @todo enable option for jsonp endpoints // @todo enable option for jsonp endpoints
@ -992,7 +992,7 @@
options = options || {}; options = options || {};
if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) { if ( _.isFunction( model.nonce ) && ! _.isEmpty( model.nonce() ) ) {
beforeSend = options.beforeSend; beforeSend = options.beforeSend;
// Include the nonce with requests. // Include the nonce with requests.
@ -1490,6 +1490,7 @@
* Initialize the wp-api, optionally passing the API root. * Initialize the wp-api, optionally passing the API root.
* *
* @param {object} [args] * @param {object} [args]
* @param {string} [args.nonce] The nonce. Optional, defaults to wpApiSettings.nonce.
* @param {string} [args.apiRoot] The api root. Optional, defaults to wpApiSettings.root. * @param {string} [args.apiRoot] The api root. Optional, defaults to wpApiSettings.root.
* @param {string} [args.versionString] The version string. Optional, defaults to wpApiSettings.root. * @param {string} [args.versionString] The version string. Optional, defaults to wpApiSettings.root.
* @param {object} [args.schema] The schema. Optional, will be fetched from API if not provided. * @param {object} [args.schema] The schema. Optional, will be fetched from API if not provided.
@ -1498,7 +1499,7 @@
var endpoint, attributes = {}, deferred, promise; var endpoint, attributes = {}, deferred, promise;
args = args || {}; args = args || {};
attributes.nonce = args.nonce || wpApiSettings.nonce || ''; attributes.nonce = _.isString( args.nonce ) ? args.nonce : ( wpApiSettings.nonce || '' );
attributes.apiRoot = args.apiRoot || wpApiSettings.root || '/wp-json'; attributes.apiRoot = args.apiRoot || wpApiSettings.root || '/wp-json';
attributes.versionString = args.versionString || wpApiSettings.versionString || 'wp/v2/'; attributes.versionString = args.versionString || wpApiSettings.versionString || 'wp/v2/';
attributes.schema = args.schema || null; attributes.schema = args.schema || null;

File diff suppressed because one or more lines are too long

View File

@ -4,7 +4,7 @@
* *
* @global string $wp_version * @global string $wp_version
*/ */
$wp_version = '4.9.5-alpha-42853'; $wp_version = '4.9.5-alpha-42854';
/** /**
* Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema. * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.