ESI nonce showing only HTML comment issue

  • Resolved pmaxey0

    (@pmaxey0)


    9 months, 2 weeks ago

    My Litespeed Report # is PSDDDEHA

    I have had ESI enabled for about a week because some plugins included inline javascript with nonce values. I noticed the nonce values were not changing after 24 hours (or so), and it would cause the plugin not to function. Purging all caches would fix the problem, but 24 hours later the problem would happen again.

    Enabling ESI appeared to fix the problem. The nonce would regenerate as expected and the plugin worked normally.

    Suddenly the inline javascript is returning a console error of Invalid or unexpected token and instead of the nonce value, this comment appears:

    <!– Block cached by LiteSpeed Cache 6.1 on 2024-02-09 09:57:11 –>

    This appears to happen to all nonce values that were in inline javascript – so it was breaking all instances of plugins using nonce values in inline javascripts.

    When disabling ESI things appear to work again – but now the original problem occurs. After 12-24 hours the plugin stops working due to expired/cached nonce.

    Another interesting behavior is when JS minification / JS deferred is enabled, there is this error in the JS console: Uncaught ReferenceError: litespeed_var_# is not defined.

    The HTML comment is inserted where the nonce should be:

    <script>var __litespeed_var_0__="
<!-- Block cached by LiteSpeed Cache 6.1 on 2024-02-09 09:57:11 -->";</script>

    This happens anywhere there is inline javascript that includes a nonce value.

    <script>var __litespeed_var_0__='
<!-- Block cached by LiteSpeed Cache 6.1 on 2024-02-09 09:57:43 -->',__litespeed_var_1__='
<!-- Block cached by LiteSpeed Cache 6.1 on 2024-02-09 09:57:43 -->',__litespeed_var_2__="
<!-- Block cached by LiteSpeed Cache 6.1 on 2024-02-09 09:57:11 -->";</script>
	<meta http-equiv="X-UA-Compatible" content="IE=edge" />

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)
  • Plugin Support qtwrk

    (@qtwrk)

    you have created a ticket in our system already , I will close this topic and further communication will be performed via ticket system.

    Hi pmaxey0,

    Please, could you share how you solved the problem ?
    I’ve got same “symptoms” …

    Thanks a lot !

    Thread Starter pmaxey0

    (@pmaxey0)

    Yes – Support provided a temporary solution to this problem. I am still working with them to fix the problem with ESI.

    1. Disable ESI
    2. Create a file called nonce_purge.php in the WP root folder / same folder that wp-config.php exists with the following content:
    <?php
require( './wp-load.php' );
if ( get_option("litespeed.conf_ols_purge_nonce") === false ) {
   $current_nonce_tick = wp_nonce_tick();
   add_option( 'litespeed.conf_ols_purge_nonce', $current_nonce_tick);
   return;
}
$saved_nonce_tick = (int) get_option( 'litespeed.conf_ols_purge_nonce' );
$current_nonce_tick = (int) wp_nonce_tick();
if ( $saved_nonce_tick !== $current_nonce_tick ) {
  update_option( 'litespeed.conf_ols_purge_nonce', $current_nonce_tick );
  if (defined( 'LSCWP_V' ) ) {
    do_action( 'litespeed_purge_all' );
  }
}

    3. Schedule a cron job for every 5 minutes 

    wget -q -O - https://www.website.com/nonce_purge.php >/dev/null 2>&1

    This causes a ‘purge all’ to happen every 12 hours or when the nonce values expire. This has fixed the problems I was having that required ESI in the first place, but the problem with ESI inserting HTML comments instead of actual nonce values persists.

    Thank you pmaxey0 , I’m going to try this !

    Have a good day,
    Best regards

Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘ESI nonce showing only HTML comment issue’ is closed to new replies.

Tags