Plugin Support
qtwrk
(@qtwrk)
This usually means a nonce issue.
Please check that 403 request and see what is in the request header or body; it will contain the nonce name.
Thread Starter
vaisor
(@vaisor)
Yes, it contains a nonce. Am I able to fix this somehow?
Plugin Support
qtwrk
(@qtwrk)
Yes, get the nonce name, search through the plugin or theme that is responsible for that AJAX call, and share the code showing how it generates the nonce.
Thread Starter
vaisor
(@vaisor)
The first one is from trx addons, action – trx_addons_login_user. It uses the trx_addons_verify_nonce function to check for the nonce. I’m not sure how deep I should go, but inside I can see they use wp_verify_nonce right after trimming it. It’s the nonce checking process, not generating it though, so I’m not sure if it’s enough.
Plugin Support
qtwrk
(@qtwrk)
Please share the line that generates/verifies the nonce trx_addons_login_user.
Thread Starter
vaisor
(@vaisor)
    // Action call
    function trx_addons_users_login_user() {
        if ( ! trx_addons_get_option('login_via_ajax') ) return;
        trx_addons_verify_nonce();
        // etc...
    }

    // Verifies the nonce sent with the request; the nonce action defaults to the admin-ajax.php URL
    function trx_addons_verify_nonce( $nonce = 'nonce', $mask = '' ) {
        if ( empty( $mask ) ) {
            $mask = admin_url('admin-ajax.php');
        }
        if ( ! wp_verify_nonce( trx_addons_get_value_gp( $nonce ), $mask ) ) {
            trx_addons_forbidden();
        }
    }

    // Reads a request parameter from GET first, then POST, falling back to the default
    function trx_addons_get_value_gp($name, $defa='') {
        if (isset($_GET[$name])) $rez = $_GET[$name];
        else if (isset($_POST[$name])) $rez = $_POST[$name];
        else $rez = $defa;
        return trx_addons_stripslashes($rez);
    }
Sorry for the late response. Is this code sufficient?
Plugin Support
qtwrk
(@qtwrk)
Okay, please try enabling ESI, then add the nonce to the ESI nonce list, save and purge all, and see how it goes.
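An added example, not part of the thread and not code from WordPress, LiteSpeed Cache or trx_addons: a simplified stand-alone model of how WordPress derives and checks a nonce, showing why a nonce stored inside a cached page ends in the 403 discussed above, while one generated per request (the purpose of putting it on the ESI nonce list) is accepted. The `model_*` function names are hypothetical, and the secret, URL, user ID, session token and timestamps are constructed.

```php
<?php
// Simplified stand-alone model of WordPress nonces (not WordPress code).
// SECRET, ACTION and the timestamps are constructed values.
const NONCE_LIFE = 86400;  // WordPress default nonce lifetime, in seconds
const SECRET     = 'constructed-nonce-salt';
const ACTION     = 'https://example.test/wp-admin/admin-ajax.php';

// A tick lasts half the nonce lifetime.
function model_tick(int $now): int {
    return (int) ceil($now / (NONCE_LIFE / 2));
}

function model_hash(int $tick, string $action, int $uid, string $token): string {
    $mac = hash_hmac('md5', "$tick|$action|$uid|$token", SECRET);
    return substr($mac, -12, 10);
}

function model_create_nonce(string $action, int $uid, string $token, int $now): string {
    return model_hash(model_tick($now), $action, $uid, $token);
}

// Returns 1 (current tick), 2 (previous tick) or false (rejected).
function model_verify_nonce(string $nonce, string $action, int $uid, string $token, int $now) {
    $tick = model_tick($now);
    foreach ([1 => $tick, 2 => $tick - 1] as $result => $t) {
        if (hash_equals(model_hash($t, $action, $uid, $token), $nonce)) {
            return $result;
        }
    }
    return false;  // the point where the thread's code calls trx_addons_forbidden()
}

$cachedAt = 1700000000;                                   // page rendered and stored in cache
$cached   = model_create_nonce(ACTION, 0, '', $cachedAt); // guest: user ID 0, no session token

$cases = [
    'cached page, 1 hour old'   => [$cached, 0, '', $cachedAt + 3600],
    'cached page, 12 hours old' => [$cached, 0, '', $cachedAt + 43200],
    'cached page, 2 days old'   => [$cached, 0, '', $cachedAt + 172800],
    'cached page, other user'   => [$cached, 7, 'constructed-session', $cachedAt + 3600],
];
// Nonce produced at request time instead of being stored with the page.
$now = $cachedAt + 172800;
$cases['fresh nonce per request'] = [model_create_nonce(ACTION, 0, '', $now), 0, '', $now];

foreach ($cases as $label => [$nonce, $uid, $token, $at]) {
    $r = model_verify_nonce($nonce, ACTION, $uid, $token, $at);
    printf("%-26s => %s\n", $label, $r === false ? 'rejected (403)' : "accepted ($r)");
}
```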