Nonce error on shortcode

  • Resolved Patrick_D1985

    (@patrick_d1985)


    6 months, 3 weeks ago

    Hi there,

    Sometimes I seem to be getting the following response;

    {"success":"no","message":"Nonce error"}

    From the action “da_reactions_load_buttons”.
    I am using the following in my template;

    <?php
    if (is_plugin_active('da-reactions-premium/da-reactions.php')) {
    global $post;
    $item_type = $post->post_type;
    $item_id = $post->ID;
    echo do_shortcode('[reactions id="' . $item_id . '" type="' . $item_type . '"]');
    }

    Refreshing the page does not seem to give me a new nonce. I am using FlyingPress as my caching solution.

    Is there a good way to make sure the shortcode always renders instead of giving the above mentioned response? Hope you can help me with that.

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Author Daniele Alessandra

    (@danielealessandra)

    Hi Patrick,

    Thank you for reporting this issue.

    Surely this is a bug that I need to solve as soon as possible, I’m thinking of removing nonce validation on first call and generating a new nonce with every new request. I’m going to work on it in the next few days. In the meantime, to resolve the issue temporarily, you could try:

    • Disabling the cache: For the specific page or for the shortcode itself.
    • Editing source to remove nonce validation: As a temporary workaround, inside classes/DaReactions/Ajax.php find and remove the block if ( ! $valid_nonce ) { ... } inside loadButtons function.

    I’ll keep you updated on the progress of the fix and let you know as soon as it’s available.

    Thank you for your patience and understanding.

    Best regards, Daniele

    Thread Starter Patrick_D1985

    (@patrick_d1985)

    Hi Daniele,

    Thanks for getting back to me ?? much appreciated!

    Disabling cache for the shortcode, would not even know how to make that happen. (Beside some hacky ways, which you shouldnt do hahaha)
    And for the specific page it a bit hard, as I do use it on more or less on every CPT except “page”.

    I’ll give the other workaround a chance later on and report back.

    Best regards and thanks again!

    Plugin Author Daniele Alessandra

    (@danielealessandra)

    Thank you for your patience, I can confirm that removing that part didt the trick, now the function looks like this:

    	/**
    	 * Invoked from frontend to load button asynchronously
    	 * Must not validate nonce because it is not a security issue
    	 * And, most of all, some cache plugin may not work properly
    	 *
    	 * @since 1.0.0
    	 */
    	public function loadButtons() {
    		header( "Cache-Control: no-store, no-cache, must-revalidate, max-age=0" );
    		header( "Cache-Control: post-check=0, pre-check=0", false );
    		header( "Pragma: no-cache" );

    		$_POST     = filter_input_array( INPUT_POST, FILTER_SANITIZE_FULL_SPECIAL_CHARS );
    		$item_id   = (int) $_POST['id'];
    		$item_type = sanitize_text_field( $_POST['type'] );

    		echo Frontend::getButtons( $item_type, $item_id );

    		exit();
    	}

    I’m going to run some tests, but basically this is the fix.

    Updated version will be released for everyone in the next few days.

    Thread Starter Patrick_D1985

    (@patrick_d1985)

    Hi there Daniele,

    Yeah I was able to test it myself a minute ago, and once the nonce check was gone the issue is gone.
    Thanks being swift about this, very very much appreciated for sure.

    Keep up being awesome!

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Nonce error on shortcode’ is closed to new replies.