Fix stats nonce

aatanasovdev · aatanasovdev · commit 1aee510ce0af · 2026-02-02T11:48:28.000+02:00
diff --git a/js/cloudinary.js b/js/cloudinary.js
diff --git a/php/ui/component/class-progress-sync.php b/php/ui/component/class-progress-sync.php
@@ -34,8 +34,9 @@ class Progress_Sync extends Progress_Ring {
 	protected function wrap( $struct ) {
 		$struct = parent::wrap( $struct );
 		if ( true === $this->setting->get_param( 'poll' ) ) {
-			$struct['attributes']['data-url']  = Utils::rest_url( REST_API::BASE . '/stats' );
-			$struct['attributes']['data-poll'] = true;
+			$struct['attributes']['data-url']   = Utils::rest_url( REST_API::BASE . '/stats' );
+			$struct['attributes']['data-poll']  = true;
+			$struct['attributes']['data-nonce'] = wp_create_nonce( REST_API::NONCE_KEY );
 		}
 
 		return $struct;
diff --git a/src/js/components/progress.js b/src/js/components/progress.js
@@ -6,6 +6,7 @@ import { __ } from '@wordpress/i18n';
 
 const Progress = {
 	data: {},
+	nonce: '',
 	context: null,
 	init( context ) {
 		this.context = context;
@@ -26,6 +27,10 @@ const Progress = {
 			} else if ( 'circle' === item.dataset.progress ) {
 				this.circle( item );
 			}
+
+			if ( ! this.nonce ) {
+				this.nonce = item.dataset?.nonce;
+			}
 		} );
 
 		for ( const url in this.data ) {
@@ -143,6 +148,9 @@ const Progress = {
 		apiFetch( {
 			path: url,
 			method: 'GET',
+			headers: {
+				'X-WP-Nonce': this.nonce,
+			},
 		} ).then( ( result ) => {
 			this.data[ url ].items.forEach( ( item ) => {
 				if ( typeof result[ item.dataset.basetext ] !== 'undefined' ) {
