REST API JavaScript Client: Support an empty string for `nonce` to disable sending the X-WP-Nonce header.

Passing a `nonce` argument with an empty string to `wp.api.init()` now does no longer fall back to `wpApiSettings.nonce`. This makes it possible to stop sending nonce headers, for example to a read-only endpoint on another site in a multisite install.

Props adamsilverstein, FPCSJames, ocean90, swissspidy.
Fixes #42948, #43266.

git-svn-id: https://develop.svn.wordpress.org/trunk@42852 602fd350-edb4-49c9-b593-d223f7449a82
This commit is contained in:
Dominik Schilling (ocean90) 2018-03-18 17:20:47 +00:00
parent cde40c918f
commit ff5180e2a5
1 changed files with 4 additions and 3 deletions

View File

@ -848,7 +848,7 @@
model.unset( 'slug' ); model.unset( 'slug' );
} }
if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) { if ( _.isFunction( model.nonce ) && ! _.isEmpty( model.nonce() ) ) {
beforeSend = options.beforeSend; beforeSend = options.beforeSend;
// @todo enable option for jsonp endpoints // @todo enable option for jsonp endpoints
@ -992,7 +992,7 @@
options = options || {}; options = options || {};
if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) { if ( _.isFunction( model.nonce ) && ! _.isEmpty( model.nonce() ) ) {
beforeSend = options.beforeSend; beforeSend = options.beforeSend;
// Include the nonce with requests. // Include the nonce with requests.
@ -1490,6 +1490,7 @@
* Initialize the wp-api, optionally passing the API root. * Initialize the wp-api, optionally passing the API root.
* *
* @param {object} [args] * @param {object} [args]
* @param {string} [args.nonce] The nonce. Optional, defaults to wpApiSettings.nonce.
* @param {string} [args.apiRoot] The api root. Optional, defaults to wpApiSettings.root. * @param {string} [args.apiRoot] The api root. Optional, defaults to wpApiSettings.root.
* @param {string} [args.versionString] The version string. Optional, defaults to wpApiSettings.root. * @param {string} [args.versionString] The version string. Optional, defaults to wpApiSettings.root.
* @param {object} [args.schema] The schema. Optional, will be fetched from API if not provided. * @param {object} [args.schema] The schema. Optional, will be fetched from API if not provided.
@ -1498,7 +1499,7 @@
var endpoint, attributes = {}, deferred, promise; var endpoint, attributes = {}, deferred, promise;
args = args || {}; args = args || {};
attributes.nonce = args.nonce || wpApiSettings.nonce || ''; attributes.nonce = _.isString( args.nonce ) ? args.nonce : ( wpApiSettings.nonce || '' );
attributes.apiRoot = args.apiRoot || wpApiSettings.root || '/wp-json'; attributes.apiRoot = args.apiRoot || wpApiSettings.root || '/wp-json';
attributes.versionString = args.versionString || wpApiSettings.versionString || 'wp/v2/'; attributes.versionString = args.versionString || wpApiSettings.versionString || 'wp/v2/';
attributes.schema = args.schema || null; attributes.schema = args.schema || null;