Cookie-Nonce is invalid!

  • Resolved Gevorg

    (@gev0rg)


    4 years, 10 months ago

    Hi

    We have recently migrated a WordPress-WooCommerce Installation from the development server to a different domain on the live server.

    Unfortunately I can no longer save any changes in the existing slideshows created with MetaSlider. The slideshows were created on the development server and they have all the settings preserved, but it is no longer possible to save any changes or to delete them.

    The error that is produced is called:

    Cookie-Nonce is invalid!

    These things I have tried without success:

    () I have tried different users, administrator and shop manager

    () Emptying the browser cache

    () Deactivating the security plugin which, besides other things, does block REST-Api

    () Deleting the MetaSlider Plugin from the system and installing it anew.

    () Generating new WordPress salt

    () Deactivating all non-essential settings in the htaccess file

    All these steps did not help to get rid of the error. I wonder what the reason for it may be?

    The MetaSlider plugin still works without any problems on the development server, despite the same security plugin and htaccess settings and so on.

    Here some additional information:

    The folder-structure of the WordPress installation is changed for security reasons, just as it is also the case on the development server.

    The wp-config file on the live server contains this information:

    define('APP_ROOT', dirname(__DIR__));
define('WP_HOME', '//domain.tld');
define('WP_SITEURL', WP_HOME . '/wordpress_installation_folder/');
define('WP_CONTENT_DIR', APP_ROOT . '/path-to/changed_wp-content_folder_name');
define('WP_CONTENT_URL', WP_HOME . '/changed_wp-content_folder_name');

    furthermore:

    define('ADMIN_COOKIE_PATH', '/');
define('COOKIE_DOMAIN', '');
define('COOKIEPATH', '/wordpress_installation_folder/');
define('SITECOOKIEPATH', '');

    These settings work quite well and solve problems that can occur when the folder-structure of the WordPress installation is changed for security reasons.

    Is there any parameter missing to make MetaSlider work properly? As I said, there is no problem with the MetaSlider plugin on the development server with similar settings for that environment.

    Due to the changes of the installation folder, the .htaccess file contains the following information to make the website work correctly:

    <IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www.)?domain.tld$
RewriteCond %{REQUEST_URI} !^/wordpress_installation_folder/
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /wordpress_installation_folder/$1
RewriteCond %{HTTP_HOST} ^(www.)?domain.tld$
RewriteRule ^(/)?$ wordpress_installation_folder/index.php [L] 
</IfModule>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress

    Is there anything that may cause problems with MetaSlider plugin?

    Thank you if you can find the time to give me a hint about what may be causing the problem.

    • This topic was modified 4 years, 10 months ago by Gevorg.
Viewing 5 replies - 1 through 5 (of 5 total)

  • Hi,

    The access gate we use is pretty simple:

    if (isset($_SERVER['HTTP_X_WP_NONCE']) && wp_verify_nonce($_SERVER['HTTP_X_WP_NONCE'], 'wp_rest')) {
	return current_user_can($capability);
}

    So for some reason wp_verify_nonce() is failing for you.

    It wouldn’t have anything to do with changing the content dir or WP install dir as I also have those changed on my development server.

    I’m not really sure when that typically fails. I checked stack overflow and some people recommend just clearing the browser cookies. Have you tried that?

    Does it fail in every browser?

    Thread Starter Gevorg

    (@gev0rg)

    I had tried deleting all cookies several times.

    After your reply I also tried different browsers, old and new version browsers, but the error remains.

    Here some additional info that might help:

    After the migration to the live server there were some problems in WordPress Customizer. It would not accept any changes to be saved. A message would appear saying:

    A higher level of permission is needed

    This message would appear even for admin users who were trying to make changes in WordPress Customizer.

    I circumvented this by activating the following directive in the htaccess file:

    <IfModule mod_headers.c>
    Header always set X-Frame-Options "DENY" "expr=%{CONTENT_TYPE} =~ m#text/html#i"
</IfModule>

    This directive also helps to prevent the customizer from reloading the live preview of the website each and every time a tiny change is made to the settings. This htaccess directive got rid of the message “A higher level of permission is needed” and prevented the live preview of the website from being loaded, which makes working in WordPress Customizer much faster.

    But as I stated in my first post, I deactivated all non-essential settings in the htaccess file for the purpose of testing, including the directive mentioned above.

    However, if there is some kind of conflict with user permission levels still existing, then it may be effecting MetaSlider also.

    Any idea if the problem might be related to this?

    Since it appears you have some coding knowledge, your best bet would be to navigate directly to the metaslider file (ml-slider/routes/api.php line 82) and var_dump() some of the items there to see what is being sent through.

    Here’s the docs on the function that’s failing for you: https://developer.www.ads-software.com/reference/functions/wp_verify_nonce/

    You could try to dump out some of those as well.

    You can also make sure the nonce is sending through the network correctly from the network tab. I’d also look in the console for errors.

    https://prnt.sc/s6yk9k

    Thread Starter Gevorg

    (@gev0rg)

    Thank you for your help so far.

    I may continue with it tomorrow.

    If I find out something new I’ll post it here on this forum.

    Hi,

    I’ll mark this as resolved as we didn’t hear back, but feel free to reply if needed and if you find out any new information that might help others.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Cookie-Nonce is invalid!’ is closed to new replies.