[wp-trac] [WordPress Trac] #35662: Include a refreshed nonce when responding to an authenticated REST API response
WordPress Trac
noreply at wordpress.org
Wed Feb 24 15:04:48 UTC 2016
#35662: Include a refreshed nonce when responding to an authenticated REST API
response
------------------------------------+------------------------
Reporter: adamsilverstein | Owner: rmccue
Type: enhancement | Status: reviewing
Priority: normal | Milestone: 4.5
Component: REST API | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch dev-feedback | Focuses:
------------------------------------+------------------------
Comment (by adamsilverstein):
@azaozz
Thanks for the feedback.
* Note that we only send the nonce back when the request contains a valid
nonce.
* I agree we should only send a nonce back if the api is enabled.
* I like the suggestion of only sending a nonce when the verify nonce
returns 2 indicating a nonce with a later expiration is available. It is
straightforward to work with this on the client side.
@rmccue is working on a refreshed patch.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35662#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list