// This is the promise object.
deferred.promise( this );
- this.previewer = params.previewer;
+ this.container = params.container;
+ this.signature = params.signature;
$.extend( params, { channel: api.PreviewFrame.uuid() });
this.request.done( function( response ) {
var location = self.request.getResponseHeader('Location'),
- signature = 'WP_CUSTOMIZER_SIGNATURE',
+ signature = self.signature,
index;
// Check if the location response header differs from the current URL.
response = response.slice( 0, index ) + response.slice( index + signature.length );
// Create the iframe and inject the html content.
- self.iframe = $('<iframe />').appendTo( self.previewer.container );
+ self.iframe = $('<iframe />').appendTo( self.container );
// Bind load event after the iframe has been added to the page;
// otherwise it will fire when injected into the DOM.
reject();
iframe = $('<iframe src="' + self.previewUrl() + '" />').hide();
- iframe.appendTo( self.previewer.container );
+ iframe.appendTo( self.container );
iframe.load( function() {
self.triedLogin = true;
this.container = api.ensure( params.container );
this.allowedUrls = params.allowedUrls;
+ this.signature = params.signature;
params.url = window.location.href;
url: this.url(),
previewUrl: this.previewUrl(),
query: this.query() || {},
- previewer: this
+ container: this.container,
+ signature: this.signature
});
this.loading.done( function() {
self.targetWindow( this.targetWindow() );
self.channel( this.channel() );
+
+ self.send( 'active' );
});
this.send( 'sync', {
container: '#customize-preview',
form: '#customize-controls',
previewUrl: api.settings.url.preview,
- allowedUrls: api.settings.url.allowed
+ allowedUrls: api.settings.url.allowed,
+ signature: 'WP_CUSTOMIZER_SIGNATURE'
}, {
+
+ nonce: api.settings.nonce,
+
query: function() {
return {
wp_customize: 'on',
theme: api.settings.theme.stylesheet,
- customized: JSON.stringify( api.get() )
+ customized: JSON.stringify( api.get() ),
+ nonce: this.nonce.preview
};
},
- nonce: $('#_wpnonce').val(),
-
save: function() {
var self = this,
query = $.extend( this.query(), {
action: 'customize_save',
- nonce: this.nonce
+ nonce: this.nonce.save
}),
request = $.post( api.settings.url.ajax, query );
}
});
+ // Refresh the nonces if the preview sends updated nonces over.
+ previewer.bind( 'nonce', function( nonce ) {
+ $.extend( this.nonce, nonce );
+ });
+
$.each( api.settings.settings, function( id, data ) {
api.create( id, id, data.value, {
transport: data.transport,