-
Notifications
You must be signed in to change notification settings - Fork 794
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Instagram Gallery: Add the local user ID as state to the connect URL #15594
Conversation
7fbe423
to
1dc4be9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is going to need a rebase now.
acee7e4
to
0087ff5
Compare
0087ff5
to
680e5d9
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good to me and tests well. The only question I had was whether the endpoints are authenticated. did a cursory look and couldn't see how they were but I assume they are :)
680e5d9
to
ec1190f
Compare
1dc4be9
to
89f5ffe
Compare
If the current user is logged out of WPCOM then the nonce checks fail when they try to connect to Instagram. By adding the local user ID to the connect URL the the changes in D42574-code will run the nonce checks against the connected Jetpack user account ID.
ec1190f
to
99a0f8a
Compare
Rebase ✅ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
COOL!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This should be good to merge, but I would recommend committing the WordPress.com diff first. 👍
Just to say that I'm just waiting on a code/security review of D42574-code. It wouldn't break anything if this got merged first, but it might be best to wait. p1YhhO-M2-p2 |
The base branch was changed.
@pablinos I've noticed this branch is set to merge onto Also note that there is a missed fix from #15583, addressed in 54adbee. |
I changed the base to |
Just FYI, we are exploring a different approach in D42794-code that doesn't need any JP change. 🙂 |
I've abandoned D42574-code in favour of D42794-code, so this is no longer needed. |
If the current user is logged out of WPCOM then the nonce checks fail
when they try to connect to Instagram. By adding the local user ID to
the connect URL the changes in D42574-code will run the nonce checks
against the connected Jetpack user account ID.
Testing instructions:
Using this branch and having applied D42574-code. Sandbox the API, and test connecting the Instagram gallery block to Instagram while your connected Jetpack user is logged out of WPCOM.
Everything should work as expected!