Support » Plugin: LiteSpeed Cache » Cached REST API nonce expires

  • Resolved zhabini

    (@zhabini)


    Hi,

    I’m using the REST API nonce for making requests via the front-end as suggested by WordPress docs https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/

    <?php
    wp_localize_script( 'wp-api', 'wpApiSettings', array(
        'root' => esc_url_raw( rest_url() ),
        'nonce' => wp_create_nonce( 'wp_rest' )
    ) );

    But LiteSpeed caches the whole page, so the nonce expires. Strangely, this issue didn’t occur until the latest major update. Is there any solution for this? Many themes use the same approach, they output nonce as a JavaScript variable and then pass it with the API requests made via the front-end.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support qtwrk

    (@qtwrk)

    Hi,

    Could you please enable ESI and put “wp_rest” into ESI nonce list ?

    Best regards,

    Thread Starter zhabini

    (@zhabini)

    I’ve resolved this by disabling the nonce check for logged-out users (it makes no sense anyway since they all have the same nonce). Thanks for your reply, this topic can be closed.

    @zhabini , We have same nonce. Could you please let us know how did you disabled that nonce check for logged-out users?. Thanks.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Cached REST API nonce expires’ is closed to new replies.