From 22ae908ede2114d50ee2882057e86b0715c41ef2 Mon Sep 17 00:00:00 2001
From: Ella Iseulde Van Dorpe <*@iseulde.com>
Date: Mon, 23 Sep 2019 17:47:56 +0000
Subject: [PATCH] Editor: Add Nonce Endpoint
This is a follow up to #47843, implementing a PHP endpoint and inline scripts after the editor package updates. The action was originally added in https://github.com/WordPress/gutenberg/pull/16683. Fixes #48076. Built from https://develop.svn.wordpress.org/trunk@46253
git-svn-id: http://core.svn.wordpress.org/trunk@46065 1a063a9b-81f0-0310-95a4-ce76da25c4cd
---
 wp-admin/admin-ajax.php | 1 +
 wp-admin/includes/ajax-actions.php | 9 +++++++++
 wp-includes/script-loader.php | 31 ++++++++++++------------------
 wp-includes/version.php | 2 +-
 4 files changed, 23 insertions(+), 20 deletions(-)
diff --git a/wp-admin/admin-ajax.php b/wp-admin/admin-ajax.php
index 7d9266d80f..deea44152c 100644
--- a/wp-admin/admin-ajax.php
+++ b/wp-admin/admin-ajax.php
@@ -53,6 +53,7 @@ $core_actions_get = array(
 'autocomplete-user',
 'dashboard-widgets',
 'logged-in',
+ 'rest-nonce',
 );
 $core_actions_post = array(
diff --git a/wp-admin/includes/ajax-actions.php b/wp-admin/includes/ajax-actions.php
index 8d10ff731d..17f0243897 100644
--- a/wp-admin/includes/ajax-actions.php
+++ b/wp-admin/includes/ajax-actions.php
@@ -5268,3 +5268,12 @@ function wp_ajax_health_check_get_sizes() {
 wp_send_json_success( $all_sizes );
 }
+
+/**
+ * Ajax handler to renew the REST API nonce.
+ *
+ * @since 5.3.0
+ */
+function wp_ajax_rest_nonce() {
+ exit( wp_create_nonce( 'wp_rest' ) );
+}
diff --git a/wp-includes/script-loader.php b/wp-includes/script-loader.php
index 5d1e891a3e..85bee7d388 100644
--- a/wp-includes/script-loader.php
+++ b/wp-includes/script-loader.php
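Review bot: `wp_ajax_rest_nonce()` emits a live `wp_rest` nonce to any request that reaches it, with no capability, referer or origin check of its own, and the action is registered under `$core_actions_get` in the admin-ajax.php hunk, so a plain GET is enough. Since that nonce is the CSRF token for cookie-authenticated REST calls, its confidentiality rests entirely on code outside this patch: presumably the dispatcher wires core actions only to the logged-in `wp_ajax_` hook, and admin-ajax.php must not answer with permissive CORS or cacheable headers. The docblock should record that dependency, for example `* Reachable only by authenticated users; the body is a CSRF token and must stay uncacheable and unreadable cross-origin.` It would also be worth confirming what a logged-out request receives, so client code can tell an expired session from a valid nonce.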
@@ -651,26 +651,19 @@ function wp_default_packages_inline_scripts( &$scripts ) {
 }
 $scripts->add_inline_script(
 'wp-api-fetch',
- sprintf(
- implode(
- "\n",
- array(
- '( function() {',
- ' var nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );',
- ' wp.apiFetch.use( nonceMiddleware );',
- ' wp.hooks.addAction(',
- ' "heartbeat.tick",',
- ' "core/api-fetch/create-nonce-middleware",',
- ' function( response ) {',
- ' if ( response[ "rest_nonce" ] ) {',
- ' nonceMiddleware.nonce = response[ "rest_nonce" ];',
- ' }',
- ' }',
- ' );',
- '} )();',
- )
+ join(
+ array(
+ sprintf(
+ 'wp.apiFetch.nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );',
+ ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' )
+ ),
+ 'wp.apiFetch.use( wp.apiFetch.nonceMiddleware );',
+ sprintf(
+ 'wp.apiFetch.nonceEndpoint = "%s";',
+ admin_url( 'admin-ajax.php?action=rest-nonce' )
+ ),
 ),
- ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' )
+ "\n"
 ),
 'after'
 );
diff --git a/wp-includes/version.php b/wp-includes/version.php
index a5eb1b260a..3ea404c058 100644
--- a/wp-includes/version.php
+++ b/wp-includes/version.php
@@ -13,7 +13,7 @@
 *
 * @global string $wp_version
 */
-$wp_version = '5.3-alpha-46252';
+$wp_version = '5.3-alpha-46253';
 /**
 * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.
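Review bot: The `admin_url()` result is dropped into a double-quoted JavaScript string by `sprintf( 'wp.apiFetch.nonceEndpoint = "%s";', … )` without any JavaScript-context encoding, so a quote, backslash or `</script>` in a configured or filtered URL would break out of the literal in this inline script. The value comes from site configuration and filters rather than from the request, so this is hardening rather than a demonstrated injection, but encoding at the sink is cheap: `sprintf( 'wp.apiFetch.nonceEndpoint = %s;', wp_json_encode( admin_url( 'admin-ajax.php?action=rest-nonce' ) ) ),`. The same hunk also removes the `heartbeat.tick` handler that refreshed the nonce, so renewal now depends on script outside this patch calling the new endpoint; a short comment above the `join()` saying where that happens would help. `wp_default_packages_inline_scripts()` begins and ends outside the hunk.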