How to use/replace wp_verify_nonce()

  • Resolved Erix Kivuti

    (@elzix)


    3 years ago

    I have a piece of code that uses nonce to verify ajax calls.

    on the page the nonce looked like this:

    <script type='text/javascript' id='my-code-js-extra'>
/* <![CDATA[ */
var my_code_params = {"_nonce":"ac18832623"};
/* ]]> */
</script>

    and ajax:

    $.ajax({
        ...
        data: {
          action: 'my_code',
          nonce: my_code_params['_nonce'],
          ...
        },

    and nonce was verified like this:

    $nonce = $_REQUEST['nonce'];
if (wp_verify_nonce($nonce, 'my_code_nonce')) {

    I followed the instruction on hot to convert custom nonce to esi.

    This changed my nonce to:

    <script type='text/javascript' id='my-code-js-extra'>
/* <![CDATA[ */
var my_code_params = {"_nonce":"<esi:include src='/?lsesi=nonce&esi=eyJhY3Rpb24iOiJtcGVzYV9ub25jZSIsIl9sc19zaWxlbmNlIjp0cnVlfQ%3D%3D&_hash=e32250e82e4ea03235ff13de63e087cb' as-var='1' />"};
/* ]]> */
</script>

    Now my nonce is what I assume to be an ESI block.

    My question is, how do I verify the nonce (or ESI block)?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support qtwrk

    (@qtwrk)

    you should not need to edit the verify part , only the create part

    did you enable the ESI ?

    because <esi:include src='/?lsesi=xxxx this should not display in the source code.

    Thread Starter Erix Kivuti

    (@elzix)

    I have OLS installed on my server and ESI enabled on WordPress. Is there something else I need?

    Thread Starter Erix Kivuti

    (@elzix)

    Oh, just read esi-for-open-litespeed and realized my mistake. I need to look for another solution for the nonce TTL issue..

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘How to use/replace wp_verify_nonce()’ is closed to new replies.