In the checkout page, order summary frame shows endless loading for cached nonce

  • Resolved nic0net

    (@nic0net)


    Hi,
    I have a problem in the checkout page of the WooCommerce plugin. I prefer not to disclose the site URL unless it’s really necessary for further analysis.
    I suspect the problem is the one described in this WooCommerce documentation page, at point 3: “Invalid Response from an AJAX Call”, which talks about a cached nonce. Quoting:

    You may also see a response of -1, This is a security failure and is caused by a cached nonce.

    In fact, the GET request to “https://mysite/homepage/?wc-ajax=update_order_review” gets a 403 response with “-1” as the JSON response.

    Since the site is not yet in production, I switched back to the twenty-sixteen theme and disabled all the plugins but WooCommerce. Then I removed all transient data and client sessions from the WooCommerce control panel.
    Reading a bit about nonces, I tried to purge the cache (if present) with a couple of plugins which I then deactivated and deleted, and tried to complete the checkout from a different browser with cache disabled, but this didn’t work.
    I found this discussion on the forum that is about a slightly different error, but I think it doesn’t apply to my situation because I don’t require authentication to complete the checkout process.
    For clarity consider that I have enabled Paypal as payment method but the issue persists even if I disable the option, with the one small difference: when Paypal is activated, inside this component: <div id="order_review" class="woocommerce-checkout-review-order"> (that shows the correct order summary information in transparency and above that the – endless – loading symbol) there is also the payment component: <div id="payment" class="woocommerce-checkout-payment" style="position: relative; zoom: 1;"> that behaves the exact same way.
    If anyone minded, I don’t use Braintree; instead I wanna point out that the website resides on a server managed by “Siteground”, if it may help.

    I wonder if someone could complete the documentation page cited at the beginning of the post adding further explanation on how to solve the cached nonce problem.

    I hope my explanation will help find the solution. I will try to provide more details if needed; any help is appreciated.
    Thanks in advance.

    Technical details:

    
    ### WordPress Environment ###
    
    Home URL: https://mysite
    Site URL: https://mysite
    WC Version: 3.4.5
    Log Directory Writable: ✔
    WP Version: 4.9.8
    WP Multisite: –
    WP Memory Limit: 768 MB
    WP Debug Mode: –
    WP Cron: ✔
    Language: it_IT
    External object cache: –
    
    ### Server Environment ###
    
    Server Info: Apache
    PHP Version: 7.1.21 - Consigliamo di usare PHP versione 7.2 o superiore per prestazioni e sicurezza maggiori. Come aggiornare la versione di PHP
    PHP Post Max Size: 128 MB
    PHP Time Limit: 120
    PHP Max Input Vars: 3000
    cURL Version: 7.59.0
    OpenSSL/1.0.2k
    
    SUHOSIN Installed: –
    MySQL Version: 5.6.40-84.0-log
    Max Upload Size: 128 MB
    Default Timezone is UTC: ✔
    fsockopen/cURL: ✔
    SoapClient: ✔
    DOMDocument: ✔
    GZip: ✔
    Multibyte String: ✔
    Remote Post: ✔
    Remote Get: ✔
    
    ### Database ###
    
    WC Database Version: 3.4.5
    WC Database Prefix: wp_
    MaxMind GeoIP Database: ✔
    Dimensione totale database: 45.08MB
    Dimensione dati database: 30.86MB
    Dimensione indice database: 14.22MB
    wp_woocommerce_sessions: Dati: 0.02MB + Indice: 0.02MB
    wp_woocommerce_api_keys: Dati: 0.02MB + Indice: 0.03MB
    wp_woocommerce_attribute_taxonomies: Dati: 0.02MB + Indice: 0.02MB
    wp_woocommerce_downloadable_product_permissions: Dati: 0.02MB + Indice: 0.05MB
    wp_woocommerce_order_items: Dati: 0.02MB + Indice: 0.02MB
    wp_woocommerce_order_itemmeta: Dati: 0.02MB + Indice: 0.03MB
    wp_woocommerce_tax_rates: Dati: 0.02MB + Indice: 0.06MB
    wp_woocommerce_tax_rate_locations: Dati: 0.02MB + Indice: 0.03MB
    wp_woocommerce_shipping_zones: Dati: 0.02MB + Indice: 0.00MB
    wp_woocommerce_shipping_zone_locations: Dati: 0.02MB + Indice: 0.03MB
    wp_woocommerce_shipping_zone_methods: Dati: 0.02MB + Indice: 0.00MB
    wp_woocommerce_payment_tokens: Dati: 0.02MB + Indice: 0.02MB
    wp_woocommerce_payment_tokenmeta: Dati: 0.02MB + Indice: 0.03MB
    wp_woocommerce_log: Dati: 0.02MB + Indice: 0.02MB
    wp_commentmeta: Dati: 0.02MB + Indice: 0.03MB
    wp_comments: Dati: 0.02MB + Indice: 0.08MB
    wp_cuteslider: Dati: 0.00MB + Indice: 0.00MB
    wp_failed_jobs: Dati: 0.02MB + Indice: 0.00MB
    wp_icl_cms_nav_cache: Dati: 0.02MB + Indice: 0.00MB
    wp_icl_content_status: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_core_status: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_flags: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_languages: Dati: 0.02MB + Indice: 0.03MB
    wp_icl_languages_translations: Dati: 0.19MB + Indice: 0.11MB
    wp_icl_locale_map: Dati: 0.02MB + Indice: 0.00MB
    wp_icl_message_status: Dati: 0.02MB + Indice: 0.03MB
    wp_icl_mo_files_domains: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_node: Dati: 0.02MB + Indice: 0.00MB
    wp_icl_reminders: Dati: 0.02MB + Indice: 0.00MB
    wp_icl_strings: Dati: 4.52MB + Indice: 6.97MB
    wp_icl_string_packages: Dati: 0.02MB + Indice: 0.00MB
    wp_icl_string_pages: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_string_positions: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_string_status: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_string_translations: Dati: 4.52MB + Indice: 2.52MB
    wp_icl_string_urls: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_translate: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_translate_job: Dati: 0.02MB + Indice: 0.02MB
    wp_icl_translations: Dati: 0.16MB + Indice: 0.36MB
    wp_icl_translation_batches: Dati: 0.02MB + Indice: 0.00MB
    wp_icl_translation_status: Dati: 0.09MB + Indice: 0.05MB
    wp_links: Dati: 0.02MB + Indice: 0.02MB
    wp_mailchimp_carts: Dati: 0.02MB + Indice: 0.00MB
    wp_options: Dati: 3.02MB + Indice: 0.05MB
    wp_postmeta: Dati: 14.11MB + Indice: 2.70MB
    wp_posts: Dati: 1.45MB + Indice: 0.41MB
    wp_queue: Dati: 0.02MB + Indice: 0.00MB
    wp_revslider_css: Dati: 0.13MB + Indice: 0.00MB
    wp_revslider_layer_animations: Dati: 0.02MB + Indice: 0.00MB
    wp_revslider_navigations: Dati: 0.02MB + Indice: 0.00MB
    wp_revslider_sliders: Dati: 0.05MB + Indice: 0.00MB
    wp_revslider_slides: Dati: 1.52MB + Indice: 0.00MB
    wp_revslider_static_slides: Dati: 0.02MB + Indice: 0.00MB
    wp_termmeta: Dati: 0.02MB + Indice: 0.03MB
    wp_terms: Dati: 0.02MB + Indice: 0.03MB
    wp_term_relationships: Dati: 0.06MB + Indice: 0.02MB
    wp_term_taxonomy: Dati: 0.02MB + Indice: 0.03MB
    wp_usermeta: Dati: 0.02MB + Indice: 0.03MB
    wp_users: Dati: 0.02MB + Indice: 0.05MB
    wp_wc_download_log: Dati: 0.02MB + Indice: 0.03MB
    wp_wc_webhooks: Dati: 0.02MB + Indice: 0.02MB
    wp_wdi_feeds: Dati: 0.02MB + Indice: 0.02MB
    wp_wdi_themes: Dati: 0.02MB + Indice: 0.02MB
    wp_yoast_seo_links: Dati: 0.02MB + Indice: 0.02MB
    wp_yoast_seo_meta: Dati: 0.02MB + Indice: 0.00MB
    
    ### Post Type Counts ###
    
    attachment: 1988
    customize_changeset: 1
    nav_menu_item: 32
    page: 142
    portfolio: 13
    post: 3
    product: 104
    revision: 179
    zn_layout: 1
    zn_pb_templates: 2
    znpb_template_mngr: 4
    
    ### Security ###
    
    Secure connection (HTTPS): ✔
    Hide errors from visitors: ✔
    
    ### Active Plugins (1) ###
    
    WooCommerce: by Automattic – 3.4.5
    
    ### Settings ###
    
    API Enabled: ✔
    Force SSL: –
    Currency: EUR (€)
    Currency Position: left
    Thousand Separator: .
    Decimal Separator: ,
    Number of Decimals: 0
    Taxonomies: Product Types: external (external)
    grouped (grouped)
    simple (simple)
    variable (variable)
    
    Taxonomies: Product Visibility: exclude-from-catalog (exclude-from-catalog)
    exclude-from-search (exclude-from-search)
    featured (featured)
    outofstock (outofstock)
    rated-1 (rated-1)
    rated-2 (rated-2)
    rated-3 (rated-3)
    rated-4 (rated-4)
    rated-5 (rated-5)
    
    ### WC Pages ###
    
    Shop base: #2907 - /shop/
    Carrello: #4497 - /shopping-cart/
    Cassa: #102 - /checkout/
    Il mio account: #101 - /my-account/
    Termini e condizioni: ❌ La pagina non è impostata
    
    ### Theme ###
    
    Name: Twenty Sixteen
    Version: 1.5
    Author URL: https://wordpress.org/
    Child Theme: ❌ – Se stai modificando WooCommerce o un tema genitore che non hai costruito personalmente
    ti consigliamo di utilizzare un child theme. Vedi: Come creare un child theme
    
    WooCommerce Support: ✔
    
    ### Templates ###
    
    Overrides: –
    
  • Plugin Author Claudiu Lodromanean

    (@claudiulodro)

    If your host is serving cached pages (e.g. with Varnish) this could cause the issue. When the ajax request is made there is a security nonce included with it (https://github.com/woocommerce/woocommerce/blob/84965af5e3b8c3fd92442b4a0765fcc20ce9438b/assets/js/frontend/checkout.js#L289). This nonce is periodically expired and a new one is created. If this nonce has expired you will get the error you are seeing if you try and use it, which would happen if the host was serving cached pages. Hope this helps.
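An added example, not part of the original reply and not WooCommerce's own code: a simplified Python model of a time-windowed nonce like the one described above, showing why a page served from cache makes the AJAX call come back as 403 with -1. The 12-hour tick, the secret, the session identifiers, the timestamps and the `update-order-review` action name are assumptions of this model.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 86400                      # one day, assumed default lifetime
SECRET = b"constructed-nonce-salt"      # constructed stand-in for the site's nonce salt
ACTION = "update-order-review"          # action name assumed for this model


def nonce_tick(now):
    """Counter that advances every half lifetime (12 hours here)."""
    return math.ceil(now / (NONCE_LIFE / 2))


def _token(tick, action, session_id):
    msg = f"{tick}|{action}|{session_id}".encode()
    return hmac.new(SECRET, msg, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, session_id, now):
    """Nonce printed into the page: bound to the tick, the action and the session."""
    return _token(nonce_tick(now), action, session_id)


def verify_nonce(nonce, action, session_id, now):
    """Accept only a nonce minted in the current or the previous tick."""
    tick = nonce_tick(now)
    return any(hmac.compare_digest(_token(t, action, session_id), nonce)
               for t in (tick, tick - 1))


def update_order_review(form, session_id, now):
    """Model of the handler's first step: a bad or missing nonce gets 403 and -1."""
    if not verify_nonce(form.get("security", ""), ACTION, session_id, now):
        return 403, "-1"
    return 200, "order review fragments"


def demo():
    t0 = 1538229600                     # constructed time at which the page was rendered
    form = {"security": create_nonce(ACTION, "session-A", t0)}
    return {
        "fresh page, same visitor": update_order_review(form, "session-A", t0 + 60),
        "13 h old page, same visitor": update_order_review(form, "session-A", t0 + 13 * 3600),
        "30 h old cached page": update_order_review(form, "session-A", t0 + 30 * 3600),
        "page cached for another visitor": update_order_review(form, "session-B", t0 + 60),
        "request arrives without form data": update_order_review({}, "session-A", t0 + 60),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

When debugging a real site, compare the `security` value in the failing request with the one in a freshly generated, uncached copy of the checkout page for the same session.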

    Thanks to your suggestion I checked the configuration of the hosting server and it was serving cached pages with SuperCache so I disabled it completely. Then I made sure that W3 Total Cache plugin was disabled and tried again.

    Sadly nothing changed, the XHR request is still returning “-1”.
    Here are the request headers:

    GET /homepage/?wc-ajax=update_order_review HTTP/1.1
    Host: mysite
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate, br
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    X-Requested-With: XMLHttpRequest
    Referer: https://mysite/
    Cookie: woocommerce_recently_viewed=4107; woocommerce_items_in_cart=1; woocommerce_cart_hash=5e13c537712460328de27639b4775792; wp_woocommerce_session_fb7619d5f9dbfb6b7e53950b21351237=af59e3b8eee76a79d26b9a113f63bbda%7C%7C1538405936%7C%7C1538402336%7C%7C8628e6225ad3386f992fd33635aa1b32
    DNT: 1
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
    

    Why did it do the request to /homepage/? Shouldn’t it be doing the request to some WooCommerce plugin page?
    Note that in the root directory the .htaccess file has this rule: “Redirect /index.html /homepage/”.

    Here are the response headers:

    HTTP/2.0 403 Forbidden
    server: nginx
    date: Sat, 29 Sep 2018 15:00:28 GMT
    content-type: text/html; charset=UTF-8
    x-robots-tag: noindex
    x-content-type-options: nosniff
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    set-cookie: woocommerce_items_in_cart=1; path=/
    woocommerce_cart_hash=5e13c537712460328de27639b4775792; path=/
    wp_woocommerce_session_fb7619d5f9dbfb6b7e53950b21351237=af59e3b8eee76a79d26b9a113f63bbda%7C%7C1538405936%7C%7C1538402336%7C%7C8628e6225ad3386f992fd33635aa1b32; expires=Mon, 01-Oct-2018 14:58:56 GMT; Max-Age=172708; path=/
    woocommerce_items_in_cart=1; path=/
    woocommerce_cart_hash=5e13c537712460328de27639b4775792; path=/
    wp_woocommerce_session_fb7619d5f9dbfb6b7e53950b21351237=af59e3b8eee76a79d26b9a113f63bbda%7C%7C1538405936%7C%7C1538402336%7C%7C8628e6225ad3386f992fd33635aa1b32; expires=Mon, 01-Oct-2018 14:58:56 GMT; Max-Age=172708; path=/
    host-header: 192fc2e7e50945beb8231a492d6a8024
    X-Firefox-Spdy: h2
    

    Are the fields “expires” and “cache-control” (the first ones) normal? Maybe 11 Jan 1984 is a bit old, isn’t it?

    I tried to make the request also with a different browser:
    (request)

    
    GET https://mysite/homepage/?wc-ajax=update_order_review HTTP/1.1
    Accept: */*
    Referer: https://mysite/checkout/
    Origin: https://mysite
    X-Requested-With: XMLHttpRequest
    User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/538.1 (KHTML, like Gecko) QupZilla/1.8.9 Safari/538.1
    Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    

    (form data)

    
    security=09035d0cc5&payment_method=paypal&country=IT&state=&postcode=&city=&address=&address_2=&s_country=IT&s_state=&s_postcode=&s_city=&s_address=&s_address_2=&has_full_address=false&post_data=billing_first_name%3D%26billing_last_name%3D%26billing_company%3D%26billing_country%3DIT%26billing_address_1%3D%26billing_address_2%3D%26billing_city%3D%26billing_state%3D%26billing_postcode%3D%26billing_phone%3D%26billing_email%3D%26shipping_first_name%3D%26shipping_last_name%3D%26shipping_company%3D%26shipping_country%3DIT%26shipping_address_1%3D%26shipping_address_2%3D%26shipping_city%3D%26shipping_state%3D%26shipping_postcode%3D%26order_comments%3D%26shipping_method%255B0%255D%3Dflat_rate%253A1%26payment_method%3Dpaypal%26woocommerce-process-checkout-nonce%3Da6644d1faf%26_wp_http_referer%3D%252Fcheckout%252F&shipping_method%5B0%5D=flat_rate%3A1
    

    (response)

    
    Access-Control-Allow-Credentials:true
    Access-Control-Allow-Origin:https://mysite
    Cache-Control:no-cache, must-revalidate, max-age=0
    Connection:keep-alive
    Content-Type:text/html; charset=UTF-8
    Date:Sat, 29 Sep 2018 15:21:42 GMT
    Expires:Wed, 11 Jan 1984 05:00:00 GMT
    Host-Header:192fc2e7e50945beb8231a492d6a8024
    Server:nginx
    Set-Cookie:woocommerce_items_in_cart=1; path=/
    Set-Cookie:woocommerce_cart_hash=241875efe03875451293fc845026a03d; path=/
    Set-Cookie:wp_woocommerce_session_fb7619d5f9dbfb6b7e53950b21351237=b9d62d119ec9f5716c4c4d9d1c2ce5e9%7C%7C1538407276%7C%7C1538403676%7C%7C4987d91663f29677a9116930602ca6af; expires=Mon, 01-Oct-2018 15:21:16 GMT; Max-Age=172774; path=/
    Set-Cookie:woocommerce_items_in_cart=1; path=/
    Set-Cookie:woocommerce_cart_hash=241875efe03875451293fc845026a03d; path=/
    Set-Cookie:wp_woocommerce_session_fb7619d5f9dbfb6b7e53950b21351237=b9d62d119ec9f5716c4c4d9d1c2ce5e9%7C%7C1538407276%7C%7C1538403676%7C%7C4987d91663f29677a9116930602ca6af; expires=Mon, 01-Oct-2018 15:21:16 GMT; Max-Age=172774; path=/
    Transfer-Encoding:chunked
    X-Content-Type-Options:nosniff
    X-Robots-Tag:noindex
    

    Does this provide some useful information?
    Thanks for your interest.

    • This reply was modified 7 months, 3 weeks ago by  nic0net.

    Hi,
    I confirm that, server side, Siteground’s technicians said they disabled all the caches for my site. I deleted the W3 Total Cache plugin and disabled the other plugins. Anyway, the page is still there, endlessly loading.
    I hope that soon somebody will find out something; I can’t be the only one with this problem.
    Thanks anyway to those who tried to help until now.

    Plugin Support John Coy

    (@johndcoy)

    Automattic Happiness Engineer

    Hi @nic0net

    Can you create a new install with SiteGround and install WooCommerce and activate the TwentySeventeen theme, then tell us if you have the same issue?

    nic0net

    (@nic0net)

    Hi,

    I’m trying to set up another install both on localhost and with SiteGround to see where the problem is. I’ll get in touch as soon as possible.

    Plugin Support Andrew

    (@slash1andy)

    Automattic Happiness Engineer

    Do keep us updated on this please.

    I finally solved the problem: it originated from the redirect rule in the .htaccess file under the root directory: “Redirect /index.html /homepage/”.

    I’m sorry to have bothered you for a distraction like that,
    Thank you anyway.

    I’m having the exact same issue where random users keep having a white overlay on the checkout page. Can’t figure out what the problem is. Have deleted user sessions, transients, disabled all caching and turned on/off several plugins.

    When I was remote-desktopping a user that was experiencing the issue he also had the -1 returned on the pageload check.

    I can’t for the life of me figure out what is going on and how to fix this.

    Even the hosting turned off Varnish Cache to be absolutely certain everything is generated on the get-go.

    Could you elaborate how the redirect was interfering with your nonce check?

    balefire

    (@balefire)

    I had this issue, and here’s what was happening to my site. Once a customer got to the checkout page and logged in as a returning customer, spinning wheels got stuck over the credit card (Stripe) area with the same error as described by @nic0net.

    In a single site build, a solution on another thread was to remove these lines from your wp-config file:
    define( 'ADMIN_COOKIE_PATH', '/' );
    define( 'COOKIE_DOMAIN', '' );
    define( 'COOKIEPATH', '' );
    define( 'SITECOOKIEPATH', '' );

    In my case, I received the checkout error on my multisite build. I need some of those lines to prevent an admin redirect loop. After some trial and error, keeping these lines solved the problem and allowed admin login:
    define('ADMIN_COOKIE_PATH', '/');
    define('COOKIE_DOMAIN', false);
    define('SITECOOKIEPATH', '');

    Removing define('COOKIEPATH', ''); makes moving from one site to another in the admin break a bit – possibly due to how the domain mapping plugin is set up. Logging into a child site on another browser is my workaround until the cookie issues are sorted out.

    nic0net

    (@nic0net)

    Regarding what happened to me, I think that the Ajax request was made to the wrong page because of the redirect. As you can see, my request was made to /homepage/?wc-ajax=update_order_review HTTP/1.1 but maybe it should be made to /homepage/index.html?wc-ajax.... Note that there was a redirect from /index.html to /homepage.
