<?php
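/*
 * 1. Pass authentication data to the server.
 *
 * Prints an inline script late in wp_footer (priority 100) that adds the
 * X-WP-Nonce header to FacetWP's AJAX requests. WordPress REST cookie
 * authentication only treats a request as coming from the logged-in user
 * when a valid nonce accompanies it; without the header the request is
 * handled as anonymous, and the is_user_logged_in() gate in part 2 would
 * reject it even for a signed-in visitor.
 *
 * NOTE(review): FWP_JSON.nonce is assumed to be a 'wp_rest' nonce emitted by
 * FacetWP - confirm against the installed plugin version.
 */
add_action( 'wp_footer', function() {
?>
<script>
(function($) {
    $(function() {
        // Skip pages where FacetWP's front-end objects are not present,
        // so the snippet does not throw a ReferenceError there.
        if ('undefined' === typeof FWP || 'undefined' === typeof FWP_JSON) {
            return;
        }

        FWP.hooks.addFilter('facetwp/ajax_settings', function(settings) {
            // Merge rather than overwrite, so headers already placed on the
            // settings object by other filters are kept.
            settings.headers = $.extend({}, settings.headers, {
                'X-WP-Nonce': FWP_JSON.nonce
            });
            return settings;
        });
    });
})(jQuery);
</script>
<?php
}, 100 );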
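/*
 * 2. Only allow logged-in users to access the API.
 *
 * Runs before any REST callback is dispatched and replaces the response with
 * a WP_Error when the matched handler is FacetWP's refresh callback and the
 * request is not authenticated.
 *
 * Caveats for whoever deploys this:
 * - This is an authentication check only. Every logged-in account passes,
 *   whatever its role; add a current_user_can() test if access must be
 *   limited to particular capabilities.
 * - The gate matches the handler by the literal callback name. If the route
 *   were registered with a different callable (array or closure form), the
 *   condition would never match and the endpoint would stay open, so
 *   re-verify after plugin updates with an unauthenticated request.
 */
add_filter( 'rest_request_before_callbacks', function( $response, $handler ) {
    // Strict comparison: a callback may also be an array or a Closure, and
    // only the exact string must trigger the gate. isset() avoids a warning
    // for handlers that carry no 'callback' key.
    $is_facetwp_refresh = isset( $handler['callback'] )
        && 'facetwp_api_refresh' === $handler['callback'];

    if ( $is_facetwp_refresh && ! is_user_logged_in() ) {
        // An explicit status makes the REST server answer 401 instead of its
        // default 500 for a WP_Error that carries no status.
        $response = new WP_Error(
            'logged_out',
            'Only logged-in users can access this API',
            array( 'status' => 401 )
        );
    }

    return $response;
}, 10, 2 );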