Mixed http/https access to admin can cause infinite loop of nonce checks #36118

@mboynes

Description

Gutenberg can find itself in an infinite loop of REST requests due to an invalid nonce if a user uses their site over https but at some point happens to load up the login screen over http. This happened to me in a local environment where I don't force https traffic but have a cert available. I inadvertently navigated to the http address, realized my mistake and re-navigated to the https address, and when I created a post in Gutenberg it was unusable.

Step-by-step reproduction instructions

  1. Sign into wp-admin successfully at the https address, e.g. https://wp.test/wp-admin/.
  2. Load up the http:// variant of wp-admin, e.g. http://wp.test/wp-admin/. You will get the login screen, but don't sign in.
  3. Load up wp-admin again at the https address, e.g. https://wp.test/wp-admin/.
  4. Open the browser console and go to the Network tab.
  5. Navigate to create a new post in GB, e.g. https://wp.test/wp-admin/post-new.php.
  6. Observe an infinite loop of 403 requests in the Network tab of the browser console due to invalid nonces.

Screenshots, screen recording, code snippet

to-infinity-and-beyond.mp4

Environment info

  • WordPress 5.8.1 using Twenty Twenty-One theme, no plugins active
  • Chrome 95.0.4638.54
  • MacOS 11.6

Please confirm that you have searched existing issues in the repo.

Yes

Please confirm that you have tested with all plugins deactivated except Gutenberg.

Yes
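The loop the report describes is a client retrying a 403 nonce failure without bound. As an added example that is not Gutenberg's or WordPress's code, the JavaScript below models a REST nonce middleware that refreshes the nonce at most once and then surfaces the error; the mock server, the injected fetchNonce helper, the `/wp/v2/posts` path and the nonce values are constructed, while the `X-WP-Nonce` header and the `rest_cookie_invalid_nonce` error code are the ones WordPress uses.

```javascript
const MAX_NONCE_REFRESHES = 1; // refresh the nonce at most once per request
// Constructed stand-in for the WordPress REST API: it accepts exactly one nonce and
// answers anything else with the 403 body WordPress returns on a failed nonce check.
function makeMockServer(validNonce) {
  return {
    calls: 0,
    request(path, { headers = {} } = {}) {
      this.calls += 1;
      if (headers['X-WP-Nonce'] !== validNonce) {
        return { status: 403, body: { code: 'rest_cookie_invalid_nonce', message: 'Cookie check failed' } };
      }
      return { status: 200, body: { id: 1, path } };
    },
  };
}

// Send the request with the cached nonce. On a nonce failure ask fetchNonce (an assumed
// helper returning a fresh nonce string) for a new one and retry, at most
// MAX_NONCE_REFRESHES times; after that surface the error instead of looping.
function requestWithNonce(server, path, options, cachedNonce, fetchNonce) {
  let nonce = cachedNonce;
  for (let attempt = 1; ; attempt += 1) {
    const headers = { ...(options.headers || {}), 'X-WP-Nonce': nonce };
    const response = server.request(path, { ...options, headers });
    const nonceRejected = response.status === 403 && response.body.code === 'rest_cookie_invalid_nonce';
    if (!nonceRejected) return { response, attempts: attempt };
    if (attempt > MAX_NONCE_REFRESHES) {
      throw new Error(`nonce rejected ${attempt} times, giving up: ${response.body.message}`);
    }
    nonce = fetchNonce();
  }
}

// Scenario 1: the cached nonce is stale but the refresh hands back a good one.
function recovers() {
  const server = makeMockServer('good-nonce');
  const { response, attempts } = requestWithNonce(server, '/wp/v2/posts', { method: 'POST' }, 'stale', () => 'good-nonce');
  return { status: response.status, attempts, calls: server.calls };
}

// Scenario 2: every refreshed nonce is rejected too (the shape of the loop in the report
// above). The client stops after one refresh instead of spinning on 403 responses.
function givesUp() {
  const server = makeMockServer('good-nonce');
  try {
    requestWithNonce(server, '/wp/v2/posts', { method: 'POST' }, 'stale', () => 'still-stale');
    return { threw: false, calls: server.calls };
  } catch (err) {
    return { threw: true, calls: server.calls, message: err.message };
  }
}
```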

Labels

  • REST API Interaction
  • [Status] In Progress
  • [Type] Bug
