| 254 | * Filter whether to send a refreshed nonce header in response authenticated |
| 255 | * requests that include a valid nonce. |
| 256 | * |
| 257 | * @since 4.5.0 |
| 258 | * |
| 259 | * @param bool $rest_send_refreshed_nonce Whether to send a refreshed nonce in the response headers. |
| 260 | */ |
| 261 | $nonce = null; |
| 262 | |
| 263 | // Find existing nonce. |
| 264 | if ( isset( $_REQUEST['_wpnonce'] ) ) { |
| 265 | $nonce = $_REQUEST['_wpnonce']; |
| 266 | } elseif ( isset( $_SERVER['HTTP_X_WP_NONCE'] ) ) { |
| 267 | $nonce = $_SERVER['HTTP_X_WP_NONCE']; |
| 268 | } |
| 269 | |
| 270 | // Check the nonce. |
| 271 | $nonce_is_valid = wp_verify_nonce( $nonce, 'wp_rest' ); |
| 272 | |
| 273 | $rest_send_refreshed_nonce = apply_filters( 'rest_send_refreshed_nonce', is_user_logged_in() && $nonce_is_valid ); |
| 274 | $this->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) ); |
| 275 | |
| 276 | /** |