Following on from Nonces and Ajax request to REST API and verification I implemented the Nonce functionality, with callback permissions and the ‘intent’ of my routes are now secure.
I enqueue Axios, with wp_rest nonce as a local script setting.
I set my Ajax headers up with axiosScriptVars.nonce. I POST – this works. I return a NONCE from my REST_API endpoint’s response, and update my Ajax header ready for the next POST…
Example of my log in and log out route:
POSTING fails because the New NONCE is identical to the old.
So I thought WordPress must return a new nonce in the response header… I check and see the “x-wp-nonce” header – only it is also identical!
(I read something about not using wp_json_success in REST routes – as the rest api already turns the return of your function into a json response and sets the correct headers etc.)
When I hard refresh the page, I get a new nonce and my AJAX now works…
How can I force a new nonce to be returned, so that AJAX works without refreshing the page?
This post is kinda similar – Serving nonces through AJAX is not refreshing nonce, returning 403 error, but I can’t see anything in my code which is changing the user and invalidating the nonce…
Unless, the log in route – now logged in – changes the nonce, which doesn’t get returned?
I’ve refactored using Sally’s answer. All works (although I had to clear my browser cache as some weird stuff was happening).
- Hiện tại chúng tôi có hơn 25 nghìn bài văn mẫu các thể loại.
- Kho tài liệu, đề thi học sinh giỏi các lớp vô cùng phong phú.
- Mỗi ngày cập nhật hơn 100 đề thi chất lượng từ các website bán tài liệu lớn.
Tải đề thi VIP với giá siêu rẻ tại Vip.Dethihsg247.Com