Invalid nonce message when using CDN

  • Hi,

    I sometimes get the “invalid nonce” message in the chatbot when using it with CDN. I espacially get it when I connect to the website with a user account to test it.

    Do you have an idea on what plugin files should I exclude from caching in order to prevent this issue ? Or what caching parameters should I change. I use Wp-Rocket for caching.

    Regards,

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author senols

    (@senols)

    Hello @trustmedias

    I will simply copy and paste the answer from this post because it applies precisely to our chatbot as well.”

    The invalid nonce error occurs when WordPress is unable to verify the security token, this can happen due these reasons:

    1.- The chat bot is kept open for hours and then submitted which will invalidate the security token and won’t let the submission to pass.
    2.- The user open the chat bot, then in another page they log in or log out of the site and then send a message before refreshing the page that has the chat bot. Logging in or logging out would also invalidate the wordpress security token which would also cause this message.
    3.- Your site is configured to have a very small lifespan for the security token which would make make users that don’t submit their messages fast enough to experience this message.
    4.- You have a cache plugin that is caching the whole page for several days (including the javascirpt variables) which would cause the plugin to use an outdated

    So to fix it you could try:
    1.- Increase the life span of the nonces, you can add this filter in the wp-config file of your site apply_filters( ‘nonce_life’, $day_in_seconds ); replace $day_in_seconds with a number which should be the number of seconds that you want it to last (so for example 172800 would last 2 days).
    2.- Disable any cache plugin that you have and see if the error goes away, it this is the case then the problem is that the cache plugin is also cacheing the security token

    You can also try these suggestions:

    https://blog.hubspot.com/website/nonce-error#:~:text=A%20nonce%20error%20is%20caused,upload%20a%20plugin

    Thread Starter trustmedias

    (@trustmedias)

    Hi! Thank you so much for the detailed reply. I’ll try it.

    But I have a question: I see on the web it’s not recommended to apply filters in the config file. Did you mean in the functions.php file ?

    Also, I found add_filters, but not apply_filters to change the nonces lifespan ?

    • This reply was modified 1 year, 2 months ago by trustmedias.
    • This reply was modified 1 year, 2 months ago by trustmedias.
Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Invalid nonce message when using CDN’ is closed to new replies.