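--- a/src/wp-includes/js/wp-api.js
+++ b/src/wp-includes/js/wp-api.js
@@ -880,13 +880,18 @@
 };
 
 // Update the nonce when a new nonce is returned with the response.
-options.complete = function( xhr ) {
+options.complete = _.bind( function( xhr ) {
 var returnedNonce = xhr.getResponseHeader( 'X-WP-Nonce' );
 
 if ( returnedNonce && _.isFunction( model.nonce ) && model.nonce() !== returnedNonce ) {
 model.endpointModel.set( 'nonce', returnedNonce );
+if ( 'rest_cookie_invalid_nonce' === xhr.responseJSON.code ) {
+this.sync( method, model, options );
+}
 }
-};
+}, this );
+
+
 }
 
 // Add '?force=true' to use delete method when required.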
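Review bot: `xhr.responseJSON.code` on new line 888 is dereferenced without checking that `responseJSON` exists, and this branch is also reached on successful responses whenever the returned nonce differs from the stored one. A response with an empty or non-JSON body would throw inside the complete callback right after the new nonce is stored; guard it with `if ( xhr.responseJSON && 'rest_cookie_invalid_nonce' === xhr.responseJSON.code ) {`. The replay also reuses the same `options` object and has no attempt limit; the enclosing sync function starts outside this hunk, so whether its wrappers on `options` get applied a second time could not be checked here. A one-shot marker on `options`, tested before calling `this.sync( method, model, options )`, would bound the retry to a single attempt.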
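--- a/src/wp-includes/rest-api.php
+++ b/src/wp-includes/rest-api.php
@@ -780,12 +780,16 @@ function rest_cookie_check_errors( $result ) {
 // Check the nonce.
 $result = wp_verify_nonce( $nonce, 'wp_rest' );
 
+if ( is_user_logged_in() ) {
+
+// Send a refreshed nonce in header.
+rest_get_server()->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );
+}
+
 if ( ! $result ) {
 return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) );
 }
 
-// Send a refreshed nonce in header.
-rest_get_server()->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) );
 
 return true;
 }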
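Review bot: The refreshed `X-WP-Nonce` header is now sent before the `! $result` check (new lines 783-787), so a logged-in request that fails nonce verification is still answered with a valid nonce. The nonce is the CSRF defence for cookie authentication, so this ordering relies on the header never being readable by another origin. The CORS handling is not visible in this diff, so confirm that `X-WP-Nonce` is not listed in `Access-Control-Expose-Headers`, and record the assumption in the comment, e.g. `// Sent even when verification fails so same-origin clients can retry; must not be exposed cross-origin.` A test asserting the header is present on the 403 response and absent for logged-out requests would pin the intended behaviour. The body of `rest_cookie_check_errors` starts outside this hunk.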