REST API: Ensure no-cache headers are sent when methods are ovverriden.

Props tykoted, xknown, ehtis, timothyblynjacobs, peterwilsoncc, rmccue, jorbin. Built from https://develop.svn.wordpress.org/trunk@56834 git-svn-id: http://core.svn.wordpress.org/trunk@56346 1a063a9b-81f0-0310-95a4-ce76da25c4cd
2023-10-12 12:32:32 +00:00
parent 4cfb52760f
commit 3f1e6a6a50
3 changed files with 26 additions and 19 deletions
--- a/wp-includes/rest-api.php
+++ b/wp-includes/rest-api.php
@@ -1090,6 +1090,7 @@ function rest_cookie_check_errors( $result ) {
 	$result = wp_verify_nonce( $nonce, 'wp_rest' );

 	if ( ! $result ) {
+		add_filter( 'rest_send_nocache_headers', '__return_true', 20 );
 		return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie check failed' ), array( 'status' => 403 ) );
 	}