From 63dbfbbd233a154bd4204e423dcee6b187019f67 Mon Sep 17 00:00:00 2001 From: aduth Date: Wed, 20 Mar 2019 20:52:08 +0000 Subject: [PATCH] Scripts: Assign api-fetch nonce with corrected rest_nonce. As of `@wordpress/api-fetch@3.0.0` (introduced in 44812), the `apiFetch` nonce middleware must have its nonce value assigned explicitly, and will no longer listen for heartbeat ticks automatically. This changeset adds an inline script for the default registration of the `api-fetch` script handle to assign the nonce value in response to the heartbeat action. In doing so, it removes the now-unused, misnamed `rest-nonce` property from the heartbeat response, whose original introduction served as temporary compatibility with earlier versions of `@wordpress/api-fetch`. See https://github.com/WordPress/gutenberg/pull/13451 See #45113 Props adamsilverstein, nerrad . Fixes #46107 . git-svn-id: http://develop.svn.wordpress.org/trunk@44949 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-admin/includes/misc.php | 2 -- src/wp-includes/script-loader.php | 22 +++++++++++++++++++++- 2 files changed, 21 insertions(+), 3 deletions(-) diff --git a/src/wp-admin/includes/misc.php b/src/wp-admin/includes/misc.php index c580c25c92..4648efc4af 100644 --- a/src/wp-admin/includes/misc.php +++ b/src/wp-admin/includes/misc.php @@ -1082,8 +1082,6 @@ function wp_refresh_post_nonces( $response, $data, $screen_id ) { function wp_refresh_heartbeat_nonces( $response ) { // Refresh the Rest API nonce. $response['rest_nonce'] = wp_create_nonce( 'wp_rest' ); - // TEMPORARY: Compat with api-fetch library - $response['rest-nonce'] = $response['rest_nonce']; // Refresh the Heartbeat nonce. $response['heartbeat_nonce'] = wp_create_nonce( 'heartbeat-nonce' ); diff --git a/src/wp-includes/script-loader.php b/src/wp-includes/script-loader.php index af65319791..3aee09ad6a 100644 --- a/src/wp-includes/script-loader.php +++ b/src/wp-includes/script-loader.php @@ -521,10 +521,30 @@ function wp_default_packages_scripts( &$scripts ) { function wp_default_packages_inline_scripts( &$scripts ) { global $wp_locale; + if ( isset( $scripts->registered['wp-api-fetch'] ) ) { + $scripts->registered['wp-api-fetch']->deps[] = 'wp-hooks'; + } $scripts->add_inline_script( 'wp-api-fetch', sprintf( - 'wp.apiFetch.use( wp.apiFetch.createNonceMiddleware( "%s" ) );', + implode( + "\n", + array( + '( function() {', + ' var nonceMiddleware = wp.apiFetch.createNonceMiddleware( "%s" );', + ' wp.apiFetch.use( nonceMiddleware );', + ' wp.hooks.addAction(', + ' "heartbeat.tick",', + ' "core/api-fetch/create-nonce-middleware",', + ' function( response ) {', + ' if ( response[ "rest_nonce" ] ) {', + ' nonceMiddleware.nonce = response[ "rest_nonce" ];', + ' }', + ' }', + ' );', + '} )();', + ) + ), ( wp_installing() && ! is_multisite() ) ? '' : wp_create_nonce( 'wp_rest' ) ), 'after'