WordPoints / dev-lib

Developer tools for WordPoints projects
MIT License

phpcs: flag usage of wp_nonce_url() #184

Open JDGrimes opened 7 years ago

JDGrimes commented 7 years ago

Using nonces in GET requests is a minor concern, since it leaks the nonce in proxy logs and browser history. Although WordPress's nonce system is designed to be robust against this, it is still probably best to avoid using nonces in GET requests whenever possible, especially for more sensitive transactions. So possibly we should consider flagging all uses of wp_nonce_url(), since that function adds a nonce to a URL as a GET parameter. Such code should be changed to supply the nonce via a POST request instead.
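
One way the check proposed in this issue could be written as a PHP_CodeSniffer sniff. This is an added example, not code from WordPoints dev-lib or from the issue author; the namespace, class name and warning code are hypothetical, and it assumes the PHP_CodeSniffer 3.x sniff API.

```php
<?php
// Added example, not code from WordPoints dev-lib. The namespace, class name
// and warning code are hypothetical; written against the PHP_CodeSniffer 3.x API.
namespace ExampleStandard\Sniffs\Security;

use PHP_CodeSniffer\Files\File;
use PHP_CodeSniffer\Sniffs\Sniff;
use PHP_CodeSniffer\Util\Tokens;

class NonceInUrlSniff implements Sniff {

	/** Function names are tokenized as T_STRING, so listen for those. */
	public function register() {
		return array( T_STRING );
	}

	public function process( File $phpcsFile, $stackPtr ) {
		$tokens = $phpcsFile->getTokens();

		// PHP function names are case-insensitive.
		if ( 'wp_nonce_url' !== strtolower( $tokens[ $stackPtr ]['content'] ) ) {
			return;
		}

		// Must be followed by "(" to be a call rather than a constant or label.
		$next = $phpcsFile->findNext( Tokens::$emptyTokens, $stackPtr + 1, null, true );
		if ( false === $next || T_OPEN_PARENTHESIS !== $tokens[ $next ]['code'] ) {
			return;
		}

		// Skip method calls, static calls and declarations that share the name.
		$prev   = $phpcsFile->findPrevious( Tokens::$emptyTokens, $stackPtr - 1, null, true );
		$ignore = array( T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION, T_NEW );
		if ( false !== $prev && in_array( $tokens[ $prev ]['code'], $ignore, true ) ) {
			return;
		}

		// A warning rather than an error: the issue describes this as a minor concern.
		$phpcsFile->addWarning(
			'wp_nonce_url() adds the nonce as a GET parameter, which leaks it in proxy logs and browser history; supply the nonce via a POST request instead.',
			$stackPtr,
			'NonceInUrl'
		);
	}
}
```

The sniff matches on the function name only, so a same-named function in another namespace would also be flagged.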