ESI Nonces problem with EDD

  • Resolved Konrad Chmielewski

    (@hwk-fr)


    2 years, 7 months ago

    Hello,

    A recent ESI Nonce rules update GitHub PR #366 which added the following rules, made the edd-gateway nonce invalid when using PayPal Express gateway:

    edd-* private
edd_* private

    I had to comment those rules on my local esi.nonces.txt file to make the gateway correctly work again.

    Note that I opened a report on GitHub Issue #399 2 weeks ago, and the support told me that CloudFlare APO isn’t compatible with LSCWP. After that I totally disabled CloudFlare APO, but the problem persists.

    You’ll find my fully detailed reports and monologue on that GitHub issue, including an another problem with ESI Nonces introduced in LSCWP 4.4 update, which was then fixed in the 4.4.1 recent release.

    But we’re now back to the initial issue, described above. I decided to open a report here since it looks like it’s the best place for LSCWP plugin support.

    Here is my LiteSpeed Report Code: QDAADFSJ

    Thanks in advance for your help.

    Regards.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Support qtwrk

    (@qtwrk)

    2 years, 7 months ago

    Hi,

    please check the Slack message

    Best regards,

    Thread Starter Konrad Chmielewski

    (@hwk-fr)

    2 years, 7 months ago

    Hello,

    After some discussions with the LiteSpeed tech team, we stumbled upon an ESI logic limitation which doesn’t allow nonce creation + validation within the same page request with ESI enabled, which was the case in the EDD-Recurring addon.

    This kind of operation doesn’t have any pratical sense, thus why the bug wasn’t spotted before. The solution is to remove the nonce from the ESI nonces rules list. I’ll contact EDD team to let know that this nonce verification can be removed in the code, as it is useless.

    If someone need it, here is the filter I’m using to remove global EDD ESI nonces rules added within the LSCWP plugin:

    /*
 * LiteSpeed ESI: Remove global EDD nonces rules
 */
add_filter('litespeed_esi_nonces', 'my_edd_esi_nonces', 20);
function my_edd_esi_nonces($nonces){
    
    // check nonces
    if(empty($nonces)){
        return $nonces;
    }
    
    $modified = false;
    
    // loop
    foreach($nonces as $i => $nonce){
    
        // bail early if not edd
        if(strpos($nonce, 'edd-') !== 0 && strpos($nonce, 'edd_') !== 0){
            continue;
        }
        
        // unset
        unset($nonces[$i]);
        $modified = true;
    
    }
    
    // reorder array
    if($modified){
        $nonces = array_values($nonces);
    }
    
    // return
    return $nonces;
    
}

    Thanks for your help!

    Regards.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘ESI Nonces problem with EDD’ is closed to new replies.