diff --git a/plugins/optimization-detective/detect.js b/plugins/optimization-detective/detect.js
index cabcbe6c6..18eca7da4 100644
--- a/plugins/optimization-detective/detect.js
+++ b/plugins/optimization-detective/detect.js
@@ -253,6 +253,7 @@ function extendElementData( xpath, properties ) {
 * @param {number} args.maxViewportAspectRatio Maximum aspect ratio allowed for the viewport.
 * @param {boolean} args.isDebug Whether to show debug messages.
 * @param {string} args.restApiEndpoint URL for where to send the detection data.
+ * @param {string} [args.restApiNonce] Nonce for the REST API when the user is logged-in.
 * @param {string} args.currentETag Current ETag.
 * @param {string} args.currentUrl Current URL.
 * @param {string} args.urlMetricSlug Slug for URL Metric.
@@ -269,6 +270,7 @@ export default async function detect( {
 isDebug,
 extensionModuleUrls,
 restApiEndpoint,
+ restApiNonce,
 currentETag,
 currentUrl,
 urlMetricSlug,
@@ -664,6 +666,9 @@ export default async function detect( {
 }
 const url = new URL( restApiEndpoint );
+ if ( typeof restApiNonce === 'string' ) {
+ url.searchParams.set( '_wpnonce', restApiNonce );
+ }
 url.searchParams.set( 'slug', urlMetricSlug );
 url.searchParams.set( 'current_etag', currentETag );
 if ( typeof cachePurgePostId === 'number' ) {
diff --git a/plugins/optimization-detective/detection.php b/plugins/optimization-detective/detection.php
index 66eb08e99..c6fb4ff0c 100644
--- a/plugins/optimization-detective/detection.php
+++ b/plugins/optimization-detective/detection.php
@@ -137,6 +137,9 @@ static function ( OD_URL_Metric_Group $group ): array {
 'storageLockTTL' => OD_Storage_Lock::get_ttl(),
 'webVitalsLibrarySrc' => $web_vitals_lib_src,
 );
+ if ( is_user_logged_in() ) {
+ $detect_args['restApiNonce'] = wp_create_nonce( 'wp_rest' );
+ }
 if ( WP_DEBUG ) {
 $detect_args['urlMetricGroupCollection'] = $group_collection;
 }
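Review bot: Putting `_wpnonce` on the query string changes the failure mode of the storage request when the nonce is stale: if the endpoint relies on WordPress cookie authentication, an absent nonce is treated as an anonymous request, but an invalid or expired one is rejected with a 403 (`rest_cookie_invalid_nonce`), so a tab left open past the nonce lifetime, or a user who logged out elsewhere, would now fail to store the URL Metric where it previously succeeded anonymously. The code that sends the request and handles its response is outside this hunk, so I cannot see whether that case is covered; a retry without `_wpnonce` on that error code, or at least a debug-mode log line, seems worth adding. The guard could also be tightened to `if ( typeof restApiNonce === 'string' && restApiNonce !== '' )`, since an empty value is sent as present and presumably rejected rather than ignored. The `detect` function starts and ends outside the hunk.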
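Review bot: The `wp_rest` nonce is emitted into front-end page output for every logged-in user, although, judging by the docs wording in this commit, authenticating the request presumably only changes the outcome for users who hold `od_store_url_metric_now`. Gating on `current_user_can( 'od_store_url_metric_now' )` instead of `is_user_logged_in()` would keep a general-purpose REST nonce out of the page for subscribers and other low-privilege accounts for whom it buys nothing; if the endpoint needs the user identity for another reason I cannot see from here, a comment stating that would help. Either way, a why-comment on the `if` such as `// Authenticate the storage request so the server-side capability check (and the zero storage-lock TTL) can apply.` would make the coupling clear to readers of this file. The enclosing function starts and ends outside the hunk, and the test hunk in this commit keys on `is_user_logged_in()` and would need to follow any change here.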
diff --git a/plugins/optimization-detective/docs/hooks.md b/plugins/optimization-detective/docs/hooks.md
index a84469555..b0849fed3 100644
--- a/plugins/optimization-detective/docs/hooks.md
+++ b/plugins/optimization-detective/docs/hooks.md
@@ -102,7 +102,7 @@ add_filter( 'od_url_metrics_breakpoint_sample_size', function (): int {
 } );
 ```
-### Filter: `od_url_metric_storage_lock_ttl` (default: 60 seconds, except 0 for admins)
+### Filter: `od_url_metric_storage_lock_ttl` (default: 60 seconds, except 0 for authorized logged-in users)
 Filters how long the current IP is locked from submitting another URL metric storage REST API request.
@@ -114,7 +114,7 @@ add_filter( 'od_metrics_storage_lock_ttl', function ( int $ttl ): int {
 } );
 ```
-By default, the TTL is zero (0) for administrator users and sixty (60) for everyone else. Whether the current user is an administrator is determined by whether the user has the `od_store_url_metric_now` capability. This meta capability by default maps to the `manage_options` capability via the `map_meta_cap` filter.
+By default, the TTL is zero (0) for authorized users and sixty (60) for everyone else. Whether the current user is authorized is determined by whether the user has the `od_store_url_metric_now` capability. This meta capability by default maps to the `manage_options` primitive capability via the `map_meta_cap` filter.
 During development this is useful to set to zero so you can quickly collect new URL Metrics by reloading the page without having to wait for the storage lock to release:
diff --git a/plugins/optimization-detective/storage/class-od-storage-lock.php b/plugins/optimization-detective/storage/class-od-storage-lock.php
index 009079fa1..a6c6927da 100644
--- a/plugins/optimization-detective/storage/class-od-storage-lock.php
+++ b/plugins/optimization-detective/storage/class-od-storage-lock.php
@@ -84,9 +84,9 @@ public static function get_ttl(): int {
 * return is_user_logged_in() ? 0 : $ttl;
 * } );
 *
- * By default, the TTL is zero (0) for administrator users and sixty (60) for everyone else. Whether the current
- * user is an administrator is determined by whether the user has the `od_store_url_metric_now` capability. This
- * meta capability by default maps to the `manage_options` capability via the `map_meta_cap` filter.
+ * By default, the TTL is zero (0) for authorized users and sixty (60) for everyone else. Whether the current
+ * user is authorized is determined by whether the user has the `od_store_url_metric_now` capability. This
+ * meta capability by default maps to the `manage_options` primitive capability via the `map_meta_cap` filter.
 *
 * @since 0.1.0
 * @since 1.0.0 This now defaults to zero (0) for administrator users.
diff --git a/plugins/optimization-detective/tests/test-detection.php b/plugins/optimization-detective/tests/test-detection.php
index e783b079b..ac7d52440 100644
--- a/plugins/optimization-detective/tests/test-detection.php
+++ b/plugins/optimization-detective/tests/test-detection.php
@@ -210,5 +210,10 @@ public function test_od_get_detection_script_returns_script( Closure $set_up, ar
 $this->assertStringContainsString( '"minimumViewportWidth":601', $script );
 $this->assertStringContainsString( '"minimumViewportWidth":783', $script );
 $this->assertStringContainsString( '"complete":false', $script );
+ if ( is_user_logged_in() ) {
+ $this->assertStringContainsString( '"restApiNonce":', $script );
+ } else {
+ $this->assertStringNotContainsString( '"restApiNonce":', $script );
+ }
 }
 }
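Review bot: The `@since 1.0.0` context line directly below the rewritten paragraph still says the TTL "now defaults to zero (0) for administrator users", which contradicts the new wording that the zero TTL is tied to the `od_store_url_metric_now` capability rather than to administrators. Suggest ` * @since 1.0.0 This now defaults to zero (0) for users with the od_store_url_metric_now capability.` so the docblock is self-consistent with itself and with the hooks.md change in this commit. The `get_ttl()` body is outside the hunk.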
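Review bot: The logged-in branch only asserts that a `"restApiNonce":` key is present, not that its value is a nonce the REST API would accept, so a regression that emitted a nonce for a different action would still pass. Since `wp_create_nonce()` yields the same value for the same user and action within a nonce tick, the assertion can pin it: `$this->assertStringContainsString( '"restApiNonce":"' . wp_create_nonce( 'wp_rest' ) . '"', $script );`. This assumes the script is emitted as compact JSON like the neighbouring `"complete":false` assertion implies. The test method starts outside the hunk.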