diff --git src/wp-includes/js/wp-api.js src/wp-includes/js/wp-api.js
index d25a9a7b81..76757d9f3d 100644
|
|
|
|
| 880 | 880 | }; |
| 881 | 881 | |
| 882 | 882 | // Update the nonce when a new nonce is returned with the response. |
| 883 | | options.complete = |
| | 883 | options.complete = _.bind( function( xhr ) { |
| 884 | 884 | var returnedNonce = xhr.getResponseHeader( 'X-WP-Nonce' ); |
| 885 | 885 | |
| 886 | 886 | if ( returnedNonce && _.isFunction( model.nonce ) && model.nonce() !== returnedNonce ) { |
| 887 | 887 | model.endpointModel.set( 'nonce', returnedNonce ); |
| | 888 | if ( 'rest_cookie_invalid_nonce' === xhr.responseJSON.code ) { |
| | 889 | this.sync( method, model, options ); |
| | 890 | } |
| 888 | 891 | } |
| 889 | | }; |
| | 892 | }, this ); |
| | 893 | |
| | 894 | |
| 890 | 895 | } |
| 891 | 896 | |
| 892 | 897 | // Add '?force=true' to use delete method when required. |
diff --git src/wp-includes/rest-api.php src/wp-includes/rest-api.php
index 697a7cc64b..e8e3f5340e 100644
|
|
|
function rest_cookie_check_errors( $result ) { |
| 780 | 780 | // Check the nonce. |
| 781 | 781 | $result = wp_verify_nonce( $nonce, 'wp_rest' ); |
| 782 | 782 | |
| | 783 | if ( is_user_logged_in() ) { |
| | 784 | |
| | 785 | // Send a refreshed nonce in header. |
| | 786 | rest_get_server()->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) ); |
| | 787 | } |
| | 788 | |
| 783 | 789 | if ( ! $result ) { |
| 784 | 790 | return new WP_Error( 'rest_cookie_invalid_nonce', __( 'Cookie nonce is invalid' ), array( 'status' => 403 ) ); |
| 785 | 791 | } |
| 786 | 792 | |
| 787 | | // Send a refreshed nonce in header. |
| 788 | | rest_get_server()->send_header( 'X-WP-Nonce', wp_create_nonce( 'wp_rest' ) ); |
| 789 | 793 | |
| 790 | 794 | return true; |
| 791 | 795 | } |