REST API: Allow overriding jQuery.ajax
calls from within wp-admin
There are now 3 places where we call out to the REST API from within wp-admin. This commit introduces a small library to allow overriding these calls, centralize nonce-passing logic, and eliminate the need to pass a full REST URL down to client code (this last feature is not yet used and will be explored in a separate ticket). Fixes #40919. git-svn-id: https://develop.svn.wordpress.org/trunk@41206 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
parent
9c1005410f
commit
1c28b4a3c8
@ -110,13 +110,12 @@
|
|||||||
control.fetchEmbedDfd.abort();
|
control.fetchEmbedDfd.abort();
|
||||||
}
|
}
|
||||||
|
|
||||||
control.fetchEmbedDfd = jQuery.ajax({
|
control.fetchEmbedDfd = wp.apiRequest({
|
||||||
url: wp.media.view.settings.oEmbedProxyUrl,
|
url: wp.media.view.settings.oEmbedProxyUrl,
|
||||||
data: {
|
data: {
|
||||||
url: control.model.get( 'url' ),
|
url: control.model.get( 'url' ),
|
||||||
maxwidth: control.model.get( 'width' ),
|
maxwidth: control.model.get( 'width' ),
|
||||||
maxheight: control.model.get( 'height' ),
|
maxheight: control.model.get( 'height' ),
|
||||||
_wpnonce: wp.media.view.settings.nonce.wpRestApi,
|
|
||||||
discover: false
|
discover: false
|
||||||
},
|
},
|
||||||
type: 'GET',
|
type: 'GET',
|
||||||
|
@ -200,13 +200,12 @@ wp.mediaWidgets = ( function( $ ) {
|
|||||||
embedLinkView.model.attributes.url = url;
|
embedLinkView.model.attributes.url = url;
|
||||||
}
|
}
|
||||||
|
|
||||||
embedLinkView.dfd = $.ajax({
|
embedLinkView.dfd = wp.apiRequest({
|
||||||
url: wp.media.view.settings.oEmbedProxyUrl,
|
url: wp.media.view.settings.oEmbedProxyUrl,
|
||||||
data: {
|
data: {
|
||||||
url: url,
|
url: url,
|
||||||
maxwidth: embedLinkView.model.get( 'width' ),
|
maxwidth: embedLinkView.model.get( 'width' ),
|
||||||
maxheight: embedLinkView.model.get( 'height' ),
|
maxheight: embedLinkView.model.get( 'height' ),
|
||||||
_wpnonce: wp.media.view.settings.nonce.wpRestApi,
|
|
||||||
discover: false
|
discover: false
|
||||||
},
|
},
|
||||||
type: 'GET',
|
type: 'GET',
|
||||||
|
87
src/wp-includes/js/api-request.js
Normal file
87
src/wp-includes/js/api-request.js
Normal file
@ -0,0 +1,87 @@
|
|||||||
|
/**
|
||||||
|
* Thin jQuery.ajax wrapper for WP REST API requests.
|
||||||
|
*
|
||||||
|
* Currently only applies to requests that do not use the `wp-api.js` Backbone
|
||||||
|
* client library, though this may change. Serves several purposes:
|
||||||
|
*
|
||||||
|
* - Allows overriding these requests as needed by customized WP installations.
|
||||||
|
* - Sends the REST API nonce as a request header.
|
||||||
|
* - Allows specifying only an endpoint namespace/path instead of a full URL.
|
||||||
|
*
|
||||||
|
* @namespace wp.apiRequest
|
||||||
|
* @since 4.9.0
|
||||||
|
*/
|
||||||
|
|
||||||
|
( function( $ ) {
|
||||||
|
var wpApiSettings = window.wpApiSettings;
|
||||||
|
|
||||||
|
function apiRequest( options ) {
|
||||||
|
options = apiRequest.buildAjaxOptions( options );
|
||||||
|
return apiRequest.transport( options );
|
||||||
|
};
|
||||||
|
|
||||||
|
apiRequest.buildAjaxOptions = function( options ) {
|
||||||
|
var url = options.url;
|
||||||
|
var path = options.path;
|
||||||
|
var namespaceTrimmed, endpointTrimmed;
|
||||||
|
var headers, addNonceHeader, headerName;
|
||||||
|
|
||||||
|
if (
|
||||||
|
typeof options.namespace === 'string' &&
|
||||||
|
typeof options.endpoint === 'string'
|
||||||
|
) {
|
||||||
|
namespaceTrimmed = options.namespace.replace( /^\/|\/$/g, '' );
|
||||||
|
endpointTrimmed = options.endpoint.replace( /^\//, '' );
|
||||||
|
if ( endpointTrimmed ) {
|
||||||
|
path = namespaceTrimmed + '/' + endpointTrimmed;
|
||||||
|
} else {
|
||||||
|
path = namespaceTrimmed;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ( typeof path === 'string' ) {
|
||||||
|
url = wpApiSettings.root + path.replace( /^\//, '' );
|
||||||
|
}
|
||||||
|
|
||||||
|
// If ?_wpnonce=... is present, no need to add a nonce header.
|
||||||
|
addNonceHeader = ! ( options.data && options.data._wpnonce );
|
||||||
|
|
||||||
|
headers = options.headers || {};
|
||||||
|
|
||||||
|
// If an 'X-WP-Nonce' header (or any case-insensitive variation
|
||||||
|
// thereof) was specified, no need to add a nonce header.
|
||||||
|
if ( addNonceHeader ) {
|
||||||
|
for ( headerName in headers ) {
|
||||||
|
if ( headers.hasOwnProperty( headerName ) ) {
|
||||||
|
if ( headerName.toLowerCase() === 'x-wp-nonce' ) {
|
||||||
|
addNonceHeader = false;
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( addNonceHeader ) {
|
||||||
|
// Do not mutate the original headers object, if any.
|
||||||
|
headers = $.extend( {
|
||||||
|
'X-WP-Nonce': wpApiSettings.nonce
|
||||||
|
}, headers );
|
||||||
|
}
|
||||||
|
|
||||||
|
// Do not mutate the original options object.
|
||||||
|
options = $.extend( {}, options, {
|
||||||
|
headers: headers,
|
||||||
|
url: url
|
||||||
|
} );
|
||||||
|
|
||||||
|
delete options.path;
|
||||||
|
delete options.namespace;
|
||||||
|
delete options.endpoint;
|
||||||
|
|
||||||
|
return options;
|
||||||
|
};
|
||||||
|
|
||||||
|
apiRequest.transport = $.ajax;
|
||||||
|
|
||||||
|
window.wp = window.wp || {};
|
||||||
|
window.wp.apiRequest = apiRequest;
|
||||||
|
} )( jQuery );
|
@ -4642,13 +4642,12 @@ EmbedLink = wp.media.view.Settings.extend({
|
|||||||
url = 'https://www.youtube.com/watch?v=' + youTubeEmbedMatch[ 1 ];
|
url = 'https://www.youtube.com/watch?v=' + youTubeEmbedMatch[ 1 ];
|
||||||
}
|
}
|
||||||
|
|
||||||
this.dfd = $.ajax({
|
this.dfd = wp.apiRequest({
|
||||||
url: wp.media.view.settings.oEmbedProxyUrl,
|
url: wp.media.view.settings.oEmbedProxyUrl,
|
||||||
data: {
|
data: {
|
||||||
url: url,
|
url: url,
|
||||||
maxwidth: this.model.get( 'width' ),
|
maxwidth: this.model.get( 'width' ),
|
||||||
maxheight: this.model.get( 'height' ),
|
maxheight: this.model.get( 'height' )
|
||||||
_wpnonce: wp.media.view.settings.nonce.wpRestApi
|
|
||||||
},
|
},
|
||||||
type: 'GET',
|
type: 'GET',
|
||||||
dataType: 'json',
|
dataType: 'json',
|
||||||
|
@ -53,13 +53,12 @@ EmbedLink = wp.media.view.Settings.extend({
|
|||||||
url = 'https://www.youtube.com/watch?v=' + youTubeEmbedMatch[ 1 ];
|
url = 'https://www.youtube.com/watch?v=' + youTubeEmbedMatch[ 1 ];
|
||||||
}
|
}
|
||||||
|
|
||||||
this.dfd = $.ajax({
|
this.dfd = wp.apiRequest({
|
||||||
url: wp.media.view.settings.oEmbedProxyUrl,
|
url: wp.media.view.settings.oEmbedProxyUrl,
|
||||||
data: {
|
data: {
|
||||||
url: url,
|
url: url,
|
||||||
maxwidth: this.model.get( 'width' ),
|
maxwidth: this.model.get( 'width' ),
|
||||||
maxheight: this.model.get( 'height' ),
|
maxheight: this.model.get( 'height' )
|
||||||
_wpnonce: wp.media.view.settings.nonce.wpRestApi
|
|
||||||
},
|
},
|
||||||
type: 'GET',
|
type: 'GET',
|
||||||
dataType: 'json',
|
dataType: 'json',
|
||||||
|
@ -3437,7 +3437,6 @@ function wp_enqueue_media( $args = array() ) {
|
|||||||
'captions' => ! apply_filters( 'disable_captions', '' ),
|
'captions' => ! apply_filters( 'disable_captions', '' ),
|
||||||
'nonce' => array(
|
'nonce' => array(
|
||||||
'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
|
'sendToEditor' => wp_create_nonce( 'media-send-to-editor' ),
|
||||||
'wpRestApi' => wp_create_nonce( 'wp_rest' ),
|
|
||||||
),
|
),
|
||||||
'post' => array(
|
'post' => array(
|
||||||
'id' => 0,
|
'id' => 0,
|
||||||
|
@ -133,6 +133,14 @@ function wp_default_scripts( &$scripts ) {
|
|||||||
'broken' => __('An unidentified error has occurred.')
|
'broken' => __('An unidentified error has occurred.')
|
||||||
) );
|
) );
|
||||||
|
|
||||||
|
$scripts->add( 'wp-api-request', "/wp-includes/js/api-request$suffix.js", array( 'jquery' ), false, 1 );
|
||||||
|
// `wpApiSettings` is also used by `wp-api`, which depends on this script.
|
||||||
|
did_action( 'init' ) && $scripts->localize( 'wp-api-request', 'wpApiSettings', array(
|
||||||
|
'root' => esc_url_raw( get_rest_url() ),
|
||||||
|
'nonce' => ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ),
|
||||||
|
'versionString' => 'wp/v2/',
|
||||||
|
) );
|
||||||
|
|
||||||
$scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-widget', 'jquery-ui-position' ), '20111129a', 1 );
|
$scripts->add( 'wp-pointer', "/wp-includes/js/wp-pointer$suffix.js", array( 'jquery-ui-widget', 'jquery-ui-position' ), '20111129a', 1 );
|
||||||
did_action( 'init' ) && $scripts->localize( 'wp-pointer', 'wpPointerL10n', array(
|
did_action( 'init' ) && $scripts->localize( 'wp-pointer', 'wpPointerL10n', array(
|
||||||
'dismiss' => __('Dismiss'),
|
'dismiss' => __('Dismiss'),
|
||||||
@ -566,17 +574,12 @@ function wp_default_scripts( &$scripts ) {
|
|||||||
|
|
||||||
// To enqueue media-views or media-editor, call wp_enqueue_media().
|
// To enqueue media-views or media-editor, call wp_enqueue_media().
|
||||||
// Both rely on numerous settings, styles, and templates to operate correctly.
|
// Both rely on numerous settings, styles, and templates to operate correctly.
|
||||||
$scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement' ), false, 1 );
|
$scripts->add( 'media-views', "/wp-includes/js/media-views$suffix.js", array( 'utils', 'media-models', 'wp-plupload', 'jquery-ui-sortable', 'wp-mediaelement', 'wp-api-request' ), false, 1 );
|
||||||
$scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 );
|
$scripts->add( 'media-editor', "/wp-includes/js/media-editor$suffix.js", array( 'shortcode', 'media-views' ), false, 1 );
|
||||||
$scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
|
$scripts->add( 'media-audiovideo', "/wp-includes/js/media-audiovideo$suffix.js", array( 'media-editor' ), false, 1 );
|
||||||
$scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
|
$scripts->add( 'mce-view', "/wp-includes/js/mce-view$suffix.js", array( 'shortcode', 'jquery', 'media-views', 'media-audiovideo' ), false, 1 );
|
||||||
|
|
||||||
$scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore' ), false, 1 );
|
$scripts->add( 'wp-api', "/wp-includes/js/wp-api$suffix.js", array( 'jquery', 'backbone', 'underscore', 'wp-api-request' ), false, 1 );
|
||||||
did_action( 'init' ) && $scripts->localize( 'wp-api', 'wpApiSettings', array(
|
|
||||||
'root' => esc_url_raw( get_rest_url() ),
|
|
||||||
'nonce' => ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ),
|
|
||||||
'versionString' => 'wp/v2/',
|
|
||||||
) );
|
|
||||||
|
|
||||||
if ( is_admin() ) {
|
if ( is_admin() ) {
|
||||||
$scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 );
|
$scripts->add( 'admin-tags', "/wp-admin/js/tags$suffix.js", array( 'jquery', 'wp-ajax-response' ), false, 1 );
|
||||||
@ -669,12 +672,12 @@ function wp_default_scripts( &$scripts ) {
|
|||||||
$scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) );
|
$scripts->add( 'admin-gallery', "/wp-admin/js/gallery$suffix.js", array( 'jquery-ui-sortable' ) );
|
||||||
|
|
||||||
$scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable' ), false, 1 );
|
$scripts->add( 'admin-widgets', "/wp-admin/js/widgets$suffix.js", array( 'jquery-ui-sortable', 'jquery-ui-draggable', 'jquery-ui-droppable' ), false, 1 );
|
||||||
$scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views' ) );
|
$scripts->add( 'media-widgets', "/wp-admin/js/widgets/media-widgets$suffix.js", array( 'jquery', 'media-models', 'media-views', 'wp-api-request' ) );
|
||||||
$scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' );
|
$scripts->add_inline_script( 'media-widgets', 'wp.mediaWidgets.init();', 'after' );
|
||||||
|
|
||||||
$scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
|
$scripts->add( 'media-audio-widget', "/wp-admin/js/widgets/media-audio-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
|
||||||
$scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) );
|
$scripts->add( 'media-image-widget', "/wp-admin/js/widgets/media-image-widget$suffix.js", array( 'media-widgets' ) );
|
||||||
$scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo' ) );
|
$scripts->add( 'media-video-widget', "/wp-admin/js/widgets/media-video-widget$suffix.js", array( 'media-widgets', 'media-audiovideo', 'wp-api-request' ) );
|
||||||
$scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) );
|
$scripts->add( 'text-widgets', "/wp-admin/js/widgets/text-widgets$suffix.js", array( 'jquery', 'backbone', 'editor', 'wp-util', 'wp-a11y' ) );
|
||||||
$scripts->add_inline_script( 'text-widgets', 'wp.textWidgets.init();', 'after' );
|
$scripts->add_inline_script( 'text-widgets', 'wp.textWidgets.init();', 'after' );
|
||||||
|
|
||||||
|
@ -19,7 +19,8 @@
|
|||||||
</script>
|
</script>
|
||||||
<script>
|
<script>
|
||||||
var wpApiSettings = {
|
var wpApiSettings = {
|
||||||
'root': 'http://localhost/wp-json/'
|
root: 'http://localhost/wp-json/',
|
||||||
|
nonce: 'not_a_real_nonce'
|
||||||
};
|
};
|
||||||
</script>
|
</script>
|
||||||
<script src="../../src/wp-includes/js/wp-util.js"></script>
|
<script src="../../src/wp-includes/js/wp-util.js"></script>
|
||||||
@ -77,6 +78,7 @@
|
|||||||
<script src="../../src/wp-includes/js/customize-models.js"></script>
|
<script src="../../src/wp-includes/js/customize-models.js"></script>
|
||||||
<script src="../../src/wp-includes/js/shortcode.js"></script>
|
<script src="../../src/wp-includes/js/shortcode.js"></script>
|
||||||
<script src="../../src/wp-admin/js/customize-controls.js"></script>
|
<script src="../../src/wp-admin/js/customize-controls.js"></script>
|
||||||
|
<script src="../../src/wp-includes/js/api-request.js"></script>
|
||||||
<script src="../../src/wp-includes/js/wp-api.js"></script>
|
<script src="../../src/wp-includes/js/wp-api.js"></script>
|
||||||
|
|
||||||
<script type='text/javascript' src='../../src/wp-includes/js/jquery/ui/core.js'></script>
|
<script type='text/javascript' src='../../src/wp-includes/js/jquery/ui/core.js'></script>
|
||||||
@ -122,6 +124,7 @@
|
|||||||
<script src="wp-admin/js/customize-base.js"></script>
|
<script src="wp-admin/js/customize-base.js"></script>
|
||||||
<script src="wp-admin/js/customize-header.js"></script>
|
<script src="wp-admin/js/customize-header.js"></script>
|
||||||
<script src="wp-includes/js/shortcode.js"></script>
|
<script src="wp-includes/js/shortcode.js"></script>
|
||||||
|
<script src="wp-includes/js/api-request.js"></script>
|
||||||
<script src="wp-includes/js/wp-api.js"></script>
|
<script src="wp-includes/js/wp-api.js"></script>
|
||||||
<script src="wp-admin/js/customize-controls.js"></script>
|
<script src="wp-admin/js/customize-controls.js"></script>
|
||||||
<script src="wp-admin/js/customize-controls-utils.js"></script>
|
<script src="wp-admin/js/customize-controls-utils.js"></script>
|
||||||
|
Loading…
Reference in New Issue
Block a user