Plugins using the ‘nonce_life’ hook can cause issues

  • Jack

    (@jack1132132)


    2 years, 1 month ago

    Hello,

    I’ve noticed that some plugins change the nonce life lifespan which can cause some issues.

    For example, ajax requests aren’t filtered for plugins because they aren’t pages.

    If a plugin delivers the page with a nonce, and then this nonce is verified on an ajax request and this ajax request loads a plugin which changes the lifespan of the nonces using the ‘nonce_life’ hook, then the nonce will be incorrect because the nonce wasn’t generated with said plugin and its ‘nonce_life’ hook active.

    It happened to me using the ‘bp-better-messages’ plugin as I deactivated it for visitors.

    Thank you.

Viewing 1 replies (of 1 total)
Viewing 1 replies (of 1 total)
  • The topic ‘Plugins using the ‘nonce_life’ hook can cause issues’ is closed to new replies.