From 4ae83ec7ec467f07aec69808170a1a73803da6a4 Mon Sep 17 00:00:00 2001 From: Scott Taylor Date: Fri, 4 Dec 2015 23:36:25 +0000 Subject: [PATCH] REST API: Core typically sends nocache headers on all auth'ed responses, as in `wp`, `admin-ajax`, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves. Adds unit tests. Props joehoyle. Fixes #34832. Built from https://develop.svn.wordpress.org/trunk@35773 git-svn-id: http://core.svn.wordpress.org/trunk@35737 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/rest-api/class-wp-rest-server.php | 14 ++++++++++++++ wp-includes/version.php | 2 +- 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/wp-includes/rest-api/class-wp-rest-server.php b/wp-includes/rest-api/class-wp-rest-server.php index 2c46fd8d58..dad4070384 100644 --- a/wp-includes/rest-api/class-wp-rest-server.php +++ b/wp-includes/rest-api/class-wp-rest-server.php @@ -236,6 +236,20 @@ class WP_REST_Server { $this->send_header( 'Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages' ); $this->send_header( 'Access-Control-Allow-Headers', 'Authorization' ); + /** + * Send nocache headers on authenticated requests. + * + * @since 4.4.0 + * + * @param bool $rest_send_nocache_headers Whether to send no-cache headers. + */ + $send_no_cache_headers = apply_filters( 'rest_send_nocache_headers', is_user_logged_in() ); + if ( $send_no_cache_headers ) { + foreach ( wp_get_nocache_headers() as $header => $header_value ) { + $this->send_header( $header, $header_value ); + } + } + /** * Filter whether the REST API is enabled. * diff --git a/wp-includes/version.php b/wp-includes/version.php index 4c92ecd2fc..28e25124cb 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.4-RC1-35772'; +$wp_version = '4.4-RC1-35773'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.