diff --git a/src/wp-includes/js/wp-api.js b/src/wp-includes/js/wp-api.js
index 3f950a4..38135cc 100644
a
|
b
|
(this hunk was shorter than expected) |
758 | 758 | model.unset( 'slug' ); |
759 | 759 | } |
760 | 760 | |
761 | | if ( ! _.isUndefined( wpApiSettings.nonce ) && ! _.isNull( wpApiSettings.nonce ) ) { |
| 761 | if ( ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) { |
762 | 762 | beforeSend = options.beforeSend; |
763 | 763 | |
764 | 764 | // @todo enable option for jsonp endpoints |
765 | 765 | // options.dataType = 'jsonp'; |
766 | 766 | |
| 767 | // Include the nonce with requests. |
767 | 768 | options.beforeSend = function( xhr ) { |
768 | | xhr.setRequestHeader( 'X-WP-Nonce', wpApiSettings.nonce ); |
| 769 | xhr.setRequestHeader( 'X-WP-Nonce', model.nonce() ); |
769 | 770 | |
770 | 771 | if ( beforeSend ) { |
771 | 772 | return beforeSend.apply( this, arguments ); |
772 | 773 | } |
773 | 774 | }; |
| 775 | |
| 776 | // Update the nonce when a new nonce is returned with the response. |
| 777 | options.complete = function( xhr ) { |
| 778 | var returnedNonce = xhr.getResponseHeader( 'X-WP-Nonce' ); |
| 779 | |
| 780 | if ( returnedNonce && model.nonce() !== returnedNonce ) { |
| 781 | model.endpointModel.set( 'nonce', returnedNonce ); |
| 782 | } |
| 783 | }; |
774 | 784 | } |
775 | 785 | |
776 | 786 | // Add '?force=true' to use delete method when required. |
… |
… |
|
1009 | 1020 | defaults: { |
1010 | 1021 | apiRoot: wpApiSettings.root, |
1011 | 1022 | versionString: wp.api.versionString, |
| 1023 | nonce: null, |
1012 | 1024 | schema: null, |
1013 | 1025 | models: {}, |
1014 | 1026 | collections: {} |
… |
… |
|
1026 | 1038 | model.schemaConstructed = deferred.promise(); |
1027 | 1039 | |
1028 | 1040 | model.schemaModel = new wp.api.models.Schema( null, { |
1029 | | apiRoot: model.get( 'apiRoot' ), |
1030 | | versionString: model.get( 'versionString' ) |
| 1041 | apiRoot: model.get( 'apiRoot' ), |
| 1042 | versionString: model.get( 'versionString' ), |
| 1043 | nonce: model.get( 'nonce' ) |
1031 | 1044 | } ); |
1032 | 1045 | |
1033 | 1046 | // When the model loads, resolve the promise. |
… |
… |
|
1194 | 1207 | return url; |
1195 | 1208 | }, |
1196 | 1209 | |
| 1210 | // Track nonces on the Endpoint 'routeModel'. |
| 1211 | nonce: function() { |
| 1212 | return routeModel.get( 'nonce' ); |
| 1213 | }, |
| 1214 | |
| 1215 | endpointModel: routeModel, |
| 1216 | |
1197 | 1217 | // Include a reference to the original route object. |
1198 | 1218 | route: modelRoute, |
1199 | 1219 | |
… |
… |
|
1240 | 1260 | return url; |
1241 | 1261 | }, |
1242 | 1262 | |
| 1263 | // Track nonces at the Endpoint level. |
| 1264 | nonce: function() { |
| 1265 | return routeModel.get( 'nonce' ); |
| 1266 | }, |
| 1267 | |
| 1268 | endpointModel: routeModel, |
| 1269 | |
1243 | 1270 | // Include a reference to the original route object. |
1244 | 1271 | route: modelRoute, |
1245 | 1272 | |
… |
… |
|
1361 | 1388 | var endpoint, attributes = {}, deferred, promise; |
1362 | 1389 | |
1363 | 1390 | args = args || {}; |
| 1391 | attributes.nonce = args.nonce || wpApiSettings.nonce || ''; |
1364 | 1392 | attributes.apiRoot = args.apiRoot || wpApiSettings.root || '/wp-json'; |
1365 | 1393 | attributes.versionString = args.versionString || wpApiSettings.versionString || 'wp/v2/'; |
1366 | 1394 | attributes.schema = args.schema || null; |