Skip to content

feat: AJAX uses token authentication #181

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 8 commits into
base: trunk
Choose a base branch
from
Draft

feat: AJAX uses token authentication #181

wants to merge 8 commits into from

Conversation

dcalhoun
Copy link
Member

@dcalhoun dcalhoun commented Sep 19, 2025
edited
Loading

Related:

What?

Authenticate AJAX requests with application passwords send via an authorization
header.

Why?

The GutenbergKit editor does not have authorization cookies, so we must rely
upon a different authorization mechanism.

Ref CMM-713. Close CMM-768.

How?

Set the Authorization header via jQuery.ajaxSetup and by overloading the
window.wp.ajax utilities.

Testing Instructions

Tip

Test using prototype builds from the sibling PRs:

Note

Selecting media from cloud-based storage providers on Android often fails due to a Chrome bug (CMM-782); use the Browse... menu to select local files.

  1. Apply the required Jetpack changes and WPCOM (192792-ghe-Automattic/wpcom) changes to your site.
  2. Proxy your test device's networking through to your modified WPCOM in step 1.
  3. Open the experimental block editor in the Jetpack mobile app for Android.
  4. Insert a VideoPress block.
  5. Attach media.
  6. Verify the upload succeeds.

Accessibility Testing Instructions

N/A, no navigation changes.

Screenshots or screencast

N/A, no visual changes.

@dcalhoun
feat: Authorize AJAX with application passwords
470c268 
Include authorization header in AJAX requets, as we do not have cookies
to send in the mobile app environment.
@dcalhoun dcalhoun added the [Type] Enhancement A suggestion for improvement. label Sep 19, 2025
@dcalhoun
refactor: Rename AJAX and api-fetch configuration utilities
8e5d6d7
@dcalhoun
fix: Configure AJAX after the library loads
682e0df 
If we configure AJAX before loading the library, the configuration is
overridden.
@dcalhoun dcalhoun force-pushed the feat/authorize-ajax-with-application-passwords branch from a051ea4 to 682e0df Compare September 19, 2025 20:00
@dcalhoun dcalhoun changed the title feat: Authorize AJAX with application passwords feat: Authorize AJAX with token authentication Sep 24, 2025
This was referenced Sep 24, 2025
Draft
Draft
Draft
@dcalhoun dcalhoun changed the title feat: Authorize AJAX with token authentication feat: AJAX uses token authentication Sep 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
[Type] Enhancement A suggestion for improvement.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dcalhoun