diff --git src/wp-includes/js/wp-api.js src/wp-includes/js/wp-api.js
index c6ff5a872f..31886d280b 100644
|
|
|
|
| 793 | 793 | model.unset( 'slug' ); |
| 794 | 794 | } |
| 795 | 795 | |
| 796 | | if ( ! _.isUndefined( wpApiSettings.nonce ) && ! _.isNull( wpApiSettings.nonce ) ) { |
| | 796 | if ( _.isFunction( model.nonce ) && ! _.isUndefined( model.nonce() ) && ! _.isNull( model.nonce() ) ) { |
| 797 | 797 | beforeSend = options.beforeSend; |
| 798 | 798 | |
| 799 | 799 | // @todo enable option for jsonp endpoints |
| 800 | 800 | // options.dataType = 'jsonp'; |
| 801 | 801 | |
| | 802 | // Include the nonce with requests. |
| 802 | 803 | options.beforeSend = function( xhr ) { |
| 803 | | xhr.setRequestHeader( 'X-WP-Nonce', wpApiSettings.nonce ); |
| | 804 | xhr.setRequestHeader( 'X-WP-Nonce', model.nonce() ); |
| 804 | 805 | |
| 805 | 806 | if ( beforeSend ) { |
| 806 | 807 | return beforeSend.apply( this, arguments ); |
| 807 | 808 | } |
| 808 | 809 | }; |
| | 810 | |
| | 811 | // Update the nonce when a new nonce is returned with the response. |
| | 812 | options.complete = function( xhr ) { |
| | 813 | var returnedNonce = xhr.getResponseHeader( 'X-WP-Nonce' ); |
| | 814 | |
| | 815 | if ( returnedNonce && _.isFunction( model.nonce ) && model.nonce() !== returnedNonce ) { |
| | 816 | model.endpointModel.set( 'nonce', returnedNonce ); |
| | 817 | } |
| | 818 | }; |
| 809 | 819 | } |
| 810 | 820 | |
| 811 | 821 | // Add '?force=true' to use delete method when required. |
| … |
… |
|
| 1048 | 1058 | defaults: { |
| 1049 | 1059 | apiRoot: wpApiSettings.root, |
| 1050 | 1060 | versionString: wp.api.versionString, |
| | 1061 | nonce: null, |
| 1051 | 1062 | schema: null, |
| 1052 | 1063 | models: {}, |
| 1053 | 1064 | collections: {} |
| … |
… |
|
| 1065 | 1076 | model.schemaConstructed = deferred.promise(); |
| 1066 | 1077 | |
| 1067 | 1078 | model.schemaModel = new wp.api.models.Schema( null, { |
| 1068 | | apiRoot: model.get( 'apiRoot' ), |
| 1069 | | versionString: model.get( 'versionString' ) |
| | 1079 | apiRoot: model.get( 'apiRoot' ), |
| | 1080 | versionString: model.get( 'versionString' ), |
| | 1081 | nonce: model.get( 'nonce' ) |
| 1070 | 1082 | } ); |
| 1071 | 1083 | |
| 1072 | 1084 | // When the model loads, resolve the promise. |
| … |
… |
|
| 1238 | 1250 | return url; |
| 1239 | 1251 | }, |
| 1240 | 1252 | |
| | 1253 | // Track nonces on the Endpoint 'routeModel'. |
| | 1254 | nonce: function() { |
| | 1255 | return routeModel.get( 'nonce' ); |
| | 1256 | }, |
| | 1257 | |
| | 1258 | endpointModel: routeModel, |
| | 1259 | |
| 1241 | 1260 | // Include a reference to the original route object. |
| 1242 | 1261 | route: modelRoute, |
| 1243 | 1262 | |
| … |
… |
|
| 1284 | 1303 | return url; |
| 1285 | 1304 | }, |
| 1286 | 1305 | |
| | 1306 | // Track nonces at the Endpoint level. |
| | 1307 | nonce: function() { |
| | 1308 | return routeModel.get( 'nonce' ); |
| | 1309 | }, |
| | 1310 | |
| | 1311 | endpointModel: routeModel, |
| | 1312 | |
| 1287 | 1313 | // Include a reference to the original route object. |
| 1288 | 1314 | route: modelRoute, |
| 1289 | 1315 | |
| … |
… |
|
| 1405 | 1431 | var endpoint, attributes = {}, deferred, promise; |
| 1406 | 1432 | |
| 1407 | 1433 | args = args || {}; |
| | 1434 | attributes.nonce = args.nonce || wpApiSettings.nonce || ''; |
| 1408 | 1435 | attributes.apiRoot = args.apiRoot || wpApiSettings.root || '/wp-json'; |
| 1409 | 1436 | attributes.versionString = args.versionString || wpApiSettings.versionString || 'wp/v2/'; |
| 1410 | 1437 | attributes.schema = args.schema || null; |