Support » Plugin: In Stock Mailer for WooCommerce » user not logged in

Viewing 15 replies - 16 through 30 (of 36 total)
  • Plugin Author Frank

    (@frankspress)

    I think I found the issue.
    Your site is not using pretty permalinks.
    If you go to Settings -> Permalinks you will notice your site is using plain; if you pick another one and save, the issue should be solved.
    Otherwise you can wait till I post an update with the fix.

    Thank you,
    Frank

    Eduardo

    (@eduardoluism)

    Hi Frank,

    I’m already using Permalinks (custom) “/produtos/%product_cat%/”.

    Thank you

    Eduardo

    (@eduardoluism)

    Hello Friend,

    I really like your plugin, can you help find the issue?

    Thank you,

    B regards,
    Eduardo

    Plugin Author Frank

    (@frankspress)

    Hi, I just released an update,
    let me know if that fixed your issue.
    Frank

    Eduardo

    (@eduardoluism)

    Hi Frank,

    Same error =(

    How can I send you a pvt message with the website link?

    thank you.
    Eduardo

    Plugin Author Frank

    (@frankspress)

    Yes sure, you can use my Website, or send an email to frank@frankspress.com

    Eduardo

    (@eduardoluism)

    Hello,

    Updated your plugin, WordPress, theme etc. The issue remains =(

    Plugin Author Frank

    (@frankspress)

    Ok, I got your email. The issue is the 403 caused by a “bad nonce”.
    WP nonce is a value that gets regenerated every 24 hours, I believe. Something (a plugin or maybe a CDN, Cloudflare?) is caching the old nonce. This is a problem because when WP compares the two values the request gets rejected.
    Do you have any caching system in place?

    Eduardo

    (@eduardoluism)

    Hello,

    I tried disabling Cloudflare (dev mode on) and W3 Total Cache. Same error. =(

    Plugin Author Frank

    (@frankspress)

    Hi,
    I checked your product page again and the nonce has been regenerated but it still returns an invalid nonce code.
    Do you have any security plugin activated, or other caching plugins that you think may be the issue? I would suggest going through your activated plugins and checking that, because I believe it might be the root of the problem.

    Eduardo

    (@eduardoluism)

    That did the trick.

    $send_no_cache_headers = apply_filters('rest_send_nocache_headers', is_user_logged_in());
    if (!$send_no_cache_headers && !is_admin() && $_SERVER['REQUEST_METHOD'] == 'POST') {
        $nonce = wp_create_nonce('wp_rest');
        $_SERVER['HTTP_X_WP_NONCE'] = $nonce;
    }

    Any security problem using it?

    Plugin Author Frank

    (@frankspress)

    Yes!
    Registered users and other types of users that are logged in will be subject to CSRF and other attacks. The hack is basically overriding the nonce in the superglobal $_SERVER.
    You can at least replace !is_admin() with !is_user_logged_in(), but again, you might want to find the plugin that is doing the caching.

    Eduardo

    (@eduardoluism)

    Hi Frank!

    Ok. Understood!

    I tried disabling all Plugins, didn’t work, same error =(

    Plugin Author Frank

    (@frankspress)

    You can limit the code above to this specific plugin, and if you can’t find a solution to the caching issue you could use this code.

    // Only touch REST requests aimed at this plugin's namespace.
    if ( defined('REST_REQUEST') && strpos( $_SERVER['REQUEST_URI'], 'in-stock-mailer/v1' ) !== false ) {
        $send_no_cache_headers = apply_filters('rest_send_nocache_headers', is_user_logged_in());
        // Override the nonce for logged-out visitors only.
        if ( !$send_no_cache_headers && !is_user_logged_in() ) {
            $_SERVER['HTTP_X_WP_NONCE'] = wp_create_nonce('wp_rest');
        }
    }

    I haven’t tested the code above, but it should work.
    Let me know.
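
A simplified model of the nonce behaviour discussed in this thread, added here as an example (it is not code from any participant or from WordPress core). It shows why a nonce baked into a stale cached page is rejected, and why overwriting the header on the server makes the check accept whatever the client sent. The secret, timestamps, user id, session token and function names are constructed for illustration.

```python
import hashlib
import hmac
import math

DAY = 86400
SECRET = b"constructed-demo-salt"  # stands in for the site's nonce salt


def tick(now: int) -> int:
    """Nonce time window: a new tick every 12 hours."""
    return math.ceil(now / (DAY / 2))


def create_nonce(action: str, uid: int, token: str, now: int, age: int = 0) -> str:
    """HMAC over tick|action|user id|session token, truncated to 10 hex chars."""
    data = f"{tick(now) - age}|{action}|{uid}|{token}".encode()
    return hmac.new(SECRET, data, hashlib.md5).hexdigest()[-12:-2]


def verify_nonce(nonce: str, action: str, uid: int, token: str, now: int) -> bool:
    """Accept the current and previous tick, so a nonce lives at most 24 hours."""
    return any(
        hmac.compare_digest(create_nonce(action, uid, token, now, age), nonce)
        for age in (0, 1)
    )


def rest_check(sent: str, uid: int, token: str, now: int, override: bool) -> bool:
    """Model of the REST nonce check, optionally with the header override."""
    if override:
        # The thread's workaround: the server mints the nonce itself, so the
        # value the client sent no longer matters.
        sent = create_nonce("wp_rest", uid, token, now)
    return verify_nonce(sent, "wp_rest", uid, token, now)


T0 = 1_700_000_000  # constructed timestamp
CACHED = create_nonce("wp_rest", 0, "", T0)  # nonce baked into a cached page

if __name__ == "__main__":
    print(rest_check(CACHED, 0, "", T0 + 3600, False))          # True: fresh page
    print(rest_check(CACHED, 0, "", T0 + 2 * DAY, False))       # False: stale cache
    print(rest_check(CACHED, 7, "sess-abc", T0 + 3600, False))  # False: other user
    print(rest_check("forged", 7, "sess-abc", T0, True))        # True: check bypassed
```

The last case uses a logged-in user id to show what the `!is_user_logged_in()` guard in the scoped snippet is there to prevent.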
