How to pass authentication data through REST API requests

By default, the WordPress REST API, which FacetWP uses, does not pass along authentication/user data.

This means that if your FacetWP template or custom code depends on detecting the currently logged-in user, or if you restrict WordPress or FacetWP REST API access to logged-in users, you will run into issues with your code not working after an AJAX refresh is triggered (which happens when using facets).

Examples would be code that depends on:

• is_user_logged_in()
• wp_get_current_user()
• wp_get_current_user_id()
• global $current_user and e.g. $current_user->roles

Fortunately, there’s an easy workaround: add the following code to your (child) theme’s functions.php:

How to use custom PHP code?
PHP code can be added to your (child) theme's functions.php file. Alternatively, you can use the Custom Hooks add-on, or a code snippets plugin. More info
/*
  Please note that caching may interfere with the NONCE,
  causing AJAX requests to fail. Please DISABLE CACHING for facet pages,
  or set the cache expiration to < 12 hours!
*/

add_action( 'wp_footer', function() {
  ?>
    <script>
      document.addEventListener('facetwp-loaded', function() {
        if (! FWP.loaded) { // initial pageload
          FWP.hooks.addFilter('facetwp/ajax_settings', function(settings) {
            settings.headers = { 'X-WP-Nonce': FWP_JSON.nonce };
            return settings;
          });
        }
      });
    </script>
  <?php
}, 100 );

See also

• The FacetWP REST API
• Using FacetWP with the WordPress REST API Authentication plugin
• Using FacetWP with the All-In-One Security (AIOS) plugin