Getting 403 error on admin-ajax.php

  • Resolved beeky2

    (@beeky2)


    4 years, 7 months ago

    Hi,
    I’m the developer of StranoWeb Ajax Login, WordPress plugin for ajax login.
    I’m experiencing a 403 error with your plugin calling admin-ajax.php to perform login action.
    The issue disappears when I purge all caches and returns after about 1 or 2 days.
    Clearing the cache seems the only solution i’ve found so far.
    I’ve done some google search and found other people having 403 issues on admin-ajax.php.

    I’ve tested my plugin with other cache plugins and didn’t get that issue.
    When Litespeed is disabled everything works fine, so I’m very curious to know if this is something related to my plugin, to litespeed settings or to some server settings.

    I’ve attached my plugin link if you want to perform some test.

    Hope to hear from you soon.
    Thanks
    Marco

    • This topic was modified 4 years, 7 months ago by beeky2.

    The page I need help with: [log in to see the link]

Viewing 9 replies - 1 through 9 (of 9 total)
  • Plugin Support qtwrk

    (@qtwrk)

    Hi,

    If that 403 happens after a day or two , I suspect this could be nonce issue.

    Could you please implement LSCWP API to make nonce to ESI block ? so this way the nonce wouldn’t be expired or re-used that trigger the 403 error.

    Best regards,

    Thread Starter beeky2

    (@beeky2)

    Thanks for your reply.

    I’ve added to my plugin those lines to whitelist nounces, now let’s wait 1 or 2 days to see if it works.

    Will let you know.
    Thanks

    Plugin Support qtwrk

    (@qtwrk)

    Hi,

    Thanks , please keep us posted.

    Best regards,

    Thread Starter beeky2

    (@beeky2)

    It seems a nonce issue, but unfortunatelly the soulution you proposed doesn’t work.
    I’ve added this code from your docs right before my plugin nonce but seems not working after the nonce expiration, still getting 403 error:

    // Whitelist the login nonce for Litespeed plugin
			    if ( class_exists( 'LiteSpeed_Cache_API' ) ) {
				    LiteSpeed_Cache_API::nonce_action( 'ajax-login-nonce' );
				}

			    //create security nonce field
			    $output .= wp_nonce_field('ajax-login-nonce', 'swal_login_security');

    My only doubt is if I have to whitelist the nonce action or nonce name (on your documentation it refers to action)

    I’ve also tried to exclude /admin-ajax.asp from being cached but it’s not working.

    Any other idea?
    Thanks

    Plugin Support qtwrk

    (@qtwrk)

    Hi,

    Could you please try v3.0 ?

    In v3.0 , ESI tab , there is a new ESI wrapper

    in that field , add

    your_nonce_name private

    and see how it goes ?

    Best regards,

    Thread Starter beeky2

    (@beeky2)

    I realized that I had to enable ESI to let the code I’ve added to my plugin working.
    I thought adding this code LiteSpeed_Cache_API::nonce_action( ‘ajax-login-nonce’ );

    automatically enabled ESI for that nonce without the need to activate ESI from your plugin’s admin TAB.

    I need to make my plugin working with your plugin’s versions before 3.0 to write documentation for my plugin users.

    It seems to work now.
    Thanks

    Plugin Support qtwrk

    (@qtwrk)

    Hi,

    How is thing doing ?

    Best regards,

    Thread Starter beeky2

    (@beeky2)

    I’ve performed some tests in the last days from different browsers and device and actually seems to work now.

    Thanks

    Plugin Support qtwrk

    (@qtwrk)

    Hi,

    Just to follow up , how is it doing ? everything good ?

    Best regards,

Viewing 9 replies - 1 through 9 (of 9 total)
  • The topic ‘Getting 403 error on admin-ajax.php’ is closed to new replies.