From f89c25a43d87131539f4af0aaf3e64b00524e40c Mon Sep 17 00:00:00 2001
From: Scott Taylor
Date: Fri, 4 Dec 2015 23:35:54 +0000
Subject: [PATCH] REST API: Core typically sends nocache headers on all auth'ed responses, as in `wp`, `admin-ajax`, etc. Because the REST API infrastructure is hooked in pre-wp, we should be setting this ourselves. Adds unit tests. Props joehoyle. Fixes #34832.
git-svn-id: https://develop.svn.wordpress.org/trunk@35773 602fd350-edb4-49c9-b593-d223f7449a82
---
 .../rest-api/class-wp-rest-server.php | 14 ++++++++++
 tests/phpunit/includes/spy-rest-server.php | 16 ++++++++++++
 tests/phpunit/tests/rest-api/rest-server.php | 26 +++++++++++++++++++
 3 files changed, 56 insertions(+)
diff --git a/src/wp-includes/rest-api/class-wp-rest-server.php b/src/wp-includes/rest-api/class-wp-rest-server.php
index 2c46fd8d58..dad4070384 100644
--- a/src/wp-includes/rest-api/class-wp-rest-server.php
+++ b/src/wp-includes/rest-api/class-wp-rest-server.php
@@ -236,6 +236,20 @@ class WP_REST_Server {
 $this->send_header( 'Access-Control-Expose-Headers', 'X-WP-Total, X-WP-TotalPages' );
 $this->send_header( 'Access-Control-Allow-Headers', 'Authorization' );
+ /**
+ * Send nocache headers on authenticated requests.
+ *
+ * @since 4.4.0
+ *
+ * @param bool $rest_send_nocache_headers Whether to send no-cache headers.
+ */
+ $send_no_cache_headers = apply_filters( 'rest_send_nocache_headers', is_user_logged_in() );
+ if ( $send_no_cache_headers ) {
+ foreach ( wp_get_nocache_headers() as $header => $header_value ) {
+ $this->send_header( $header, $header_value );
+ }
+ }
+
 /**
 * Filter whether the REST API is enabled.
 *
diff --git a/tests/phpunit/includes/spy-rest-server.php b/tests/phpunit/includes/spy-rest-server.php
index c90ac2fcf3..9a1b78a25e 100644
--- a/tests/phpunit/includes/spy-rest-server.php
+++ b/tests/phpunit/includes/spy-rest-server.php
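Review bot: The nocache decision in the class-wp-rest-server.php hunk rests only on `is_user_logged_in()` as evaluated at the point the CORS headers are sent, and the new docblock does not state that assumption or what the filter can undo. If the current user is resolved or changed later in the request, or a `rest_send_nocache_headers` callback returns false for a logged-in user, a user-specific response would go out cacheable by browsers and shared proxies; whether the first case can occur depends on code outside the hunk, since the enclosing method starts and ends beyond it. I would add a line to the docblock such as `* Returning false for a logged-in user lets caches store user-specific responses; the current user must already be resolved at this point.`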
@@ -1,6 +1,10 @@ sent_headers[ $header ] = $value;
+ }
+
+ public function serve_request( $path = null ) {
+
+ ob_start();
+ $result = parent::serve_request( $path );
+ $this->sent_body = ob_get_clean();
+ return $result;
+ }
 }
diff --git a/tests/phpunit/tests/rest-api/rest-server.php b/tests/phpunit/tests/rest-api/rest-server.php
index c9431f0954..33e3f24b3c 100644
--- a/tests/phpunit/tests/rest-api/rest-server.php
+++ b/tests/phpunit/tests/rest-api/rest-server.php
@@ -619,4 +619,30 @@ class Tests_REST_Server extends WP_Test_REST_TestCase {
 $this->assertContains( 'test/example', $namespaces );
 $this->assertContains( 'test/another', $namespaces );
 }
+
+ public function test_nocache_headers_on_authenticated_requests() {
+ $editor = self::factory()->user->create( array( 'role' => 'editor' ) );
+ $request = new WP_REST_Request( 'GET', '/', array() );
+ wp_set_current_user( $editor );
+
+ $result = $this->server->serve_request('/');
+ $headers = $this->server->sent_headers;
+
+ foreach ( wp_get_nocache_headers() as $header => $value ) {
+ $this->assertTrue( isset( $headers[ $header ] ), sprintf( 'Header %s is not present in the response.', $header ) );
+ $this->assertEquals( $value, $headers[ $header ] );
+ }
+ }
+
+ public function test_no_nocache_headers_on_unauthenticated_requests() {
+ $editor = self::factory()->user->create( array( 'role' => 'editor' ) );
+ $request = new WP_REST_Request( 'GET', '/', array() );
+
+ $result = $this->server->serve_request('/');
+ $headers = $this->server->sent_headers;
+
+ foreach ( wp_get_nocache_headers() as $header => $value ) {
+ $this->assertFalse( isset( $headers[ $header ] ) && $headers[ $header ] === $value, sprintf( 'Header %s is set to nocache.', $header ) );
+ }
+ }
 }
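Review bot: `test_no_nocache_headers_on_unauthenticated_requests()` never establishes the logged-out state it asserts on: it creates an editor but does not call `wp_set_current_user()`, so the outcome depends on whichever user is current when the test starts (presumably reset by the test case's setup, which is not visible in this hunk). Adding `wp_set_current_user( 0 );` before `serve_request('/')` and dropping the unused `$editor` and `$request` assignments would make the negative case explicit. Neither test exercises the `rest_send_nocache_headers` filter, so a callback that turns the headers off for a logged-in user is untested; a third test that adds the filter with `__return_false` under an authenticated user and asserts the headers are absent would pin that behaviour.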