From 8a4beeacb400dab20f49d9d9949a02d170295c18 Mon Sep 17 00:00:00 2001
From: vnmedeiros
Date: Mon, 2 Mar 2020 11:38:48 -0300
Subject: [PATCH] create `nonce` only if user is logged in.
---
 src/views/admin/js/axios.js | 6 ++++--
 src/views/class-tainacan-admin.php | 2 +-
 .../gutenberg-blocks/class-tainacan-gutenberg-block.php | 2 +-
 src/views/gutenberg-blocks/js/axios.js | 3 ++-
 4 files changed, 8 insertions(+), 5 deletions(-)
diff --git a/src/views/admin/js/axios.js b/src/views/admin/js/axios.js
index 34d2d6035..b0f8f41b7 100644
--- a/src/views/admin/js/axios.js
+++ b/src/views/admin/js/axios.js
@@ -4,15 +4,17 @@ export const tainacan = axios.create({
 baseURL: tainacan_plugin.tainacan_api_url
 });
-if (tainacan_plugin.nonce)
+if (tainacan_plugin.nonce) {
 tainacan.defaults.headers.common['X-WP-Nonce'] = tainacan_plugin.nonce;
+}
 export const wp = axios.create({
 baseURL: tainacan_plugin.wp_api_url
 });
-if (tainacan_plugin.nonce)
+if (tainacan_plugin.nonce) {
 wp.defaults.headers.common['X-WP-Nonce'] = tainacan_plugin.nonce;
+}
 export const CancelToken = axios.CancelToken;
 export const isCancel = axios.isCancel;
diff --git a/src/views/class-tainacan-admin.php b/src/views/class-tainacan-admin.php
index 849c8226f..17749aa8e 100644
--- a/src/views/class-tainacan-admin.php
+++ b/src/views/class-tainacan-admin.php
@@ -223,7 +223,7 @@ class Admin {
 'tainacan_api_url' => esc_url_raw( rest_url() ) . 'tainacan/v2',
 'wp_api_url' => esc_url_raw( rest_url() ) . 'wp/v2/',
 'wp_ajax_url' => admin_url( 'admin-ajax.php' ),
- 'nonce' => wp_create_nonce( 'wp_rest' ),
+ 'nonce' => is_user_logged_in() ? wp_create_nonce( 'wp_rest' ) : false,
 'components' => $components,
 'i18n' => $tainacan_admin_i18n,
 'user_caps' => $user_caps,
diff --git a/src/views/gutenberg-blocks/class-tainacan-gutenberg-block.php b/src/views/gutenberg-blocks/class-tainacan-gutenberg-block.php
index edd511d3d..7fe402ee0 100644
--- a/src/views/gutenberg-blocks/class-tainacan-gutenberg-block.php
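Review bot: The two guarded assignments in this hunk copy `tainacan_plugin.nonce` into the axios defaults once, when the module is evaluated, and nothing visible here deals with a nonce that is present but no longer valid. A `wp_rest` nonce stays valid for at most a day by default, so a tab left open past that point will presumably have its authenticated calls rejected until the page is reloaded. I would at least record the contract next to the guard, e.g. `// Nonce is read once at load: absent for logged-out visitors, and not refreshed if it expires while the page stays open.` The same applies to the single guard in src/views/gutenberg-blocks/js/axios.js.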
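Review bot: The new `'nonce'` ternary carries no comment saying why logged-out visitors get `false`, and the identical expression is repeated in `tainacan_blocks_get_plugin_js_settings()` in class-tainacan-gutenberg-block.php, so the two copies can drift apart. A comment such as `// No REST nonce for logged-out visitors: the JS clients skip the X-WP-Nonce header when this is falsy, so those requests go out unauthenticated.` would state what the axios guards rely on. It is also worth noting for the next reader that the nonce is only a CSRF token accompanying cookie authentication; access control for the anonymous calls that now carry no header still rests on each route's permission checks, which are not visible in this diff. The array literal begins and ends outside the hunk.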
+++ b/src/views/gutenberg-blocks/class-tainacan-gutenberg-block.php
@@ -326,7 +326,7 @@ function tainacan_blocks_get_plugin_js_settings(){
 $settings = [
 'root' => esc_url_raw( rest_url() ) . 'tainacan/v2',
- 'nonce' => wp_create_nonce( 'wp_rest' ),
+ 'nonce' => is_user_logged_in() ? wp_create_nonce( 'wp_rest' ) : false,
 'base_url' => $TAINACAN_BASE_URL,
 'admin_url' => admin_url(),
 'site_url' => site_url(),
diff --git a/src/views/gutenberg-blocks/js/axios.js b/src/views/gutenberg-blocks/js/axios.js
index 5cf9f2adc..cd7a8b86d 100644
--- a/src/views/gutenberg-blocks/js/axios.js
+++ b/src/views/gutenberg-blocks/js/axios.js
@@ -4,7 +4,8 @@ const tainacan = axios.create({
 baseURL: tainacan_blocks.root
 });
-if (tainacan_blocks.nonce)
+if (tainacan_blocks.nonce) {
 tainacan.defaults.headers.common['X-WP-Nonce'] = tainacan_blocks.nonce;
+}
 export default tainacan;
\ No newline at end of file