nonce, caching and ajax oh my (3 posts)

  1. John Turner
    Posted 4 years ago #

    I'm creating a plugin and I have a form that displays on the front end of the wp site and I use ajax to submit it back to the backend. I'm having an issue when using a caching plugin where the nonce is invalid because of the cached page being server.

    Are there any best practices to get around this short of not using a nonce?

    I have search and so far have not found anything.

  2. Big Bagel
    Posted 4 years ago #

    Can any visitor use the form on the front end? I'm not an expert (so hopefully an expert corrects me if I'm wrong) but, if so, I believe the best you can do is validate/escape any input and sanitize any later output. Nonces are really only to protect users from being tricked into performing unwanted actions; if your taking information from the front end and storing it in the database I don't think nonces are necessary.

  3. John Turner
    Posted 4 years ago #

    yes, when the nonce is valid it works. Only after the nonce expire and a cached version is displayed does it break.

    I do validate and escape the request so maybe Ill skip nonce on the front end.

Topic Closed

This topic has been closed to new replies.

About this Topic


No tags yet.