The security nonce is invalid or expired.

  • Resolved elsdeniep

    (@elsdeniep)


    2 years ago

    We use Contact Form 7 together with Drag & Drop Multiple File Upload.

    Recently we receive a nonce error:

    The security nonce is invalid or expired.

    We believe that the nonce error origins from Light Speed Cache because the contact forms are cached for more than 24 hours and Drag & Drop Multiple File Upload typically expects a new nonce every 24 hours.

    Would it be possible to make an exception for caching the form in Light Speed? Meaning: not caching the form and cache the rest of the page.

    Any help that gets us on track is highly appreciated.

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support qtwrk

    (@qtwrk)

    yes , you can use ESI , please go to Cache -> ESI -> enable ESI

    and then in ESI nonce list, add CF7’s nonce name into the list , save and purge all.

    Thread Starter elsdeniep

    (@elsdeniep)

    Thanks @qtwrk.

    Interesting concept for a solution!

    I will dive into this ESI concept a bit beacuse at first it looks like it will only work for logged in users.

    Do you happen to know if a public list of plugin nonce names is available?

    Additional informattion:
    The problem appeared to be in Drag&Drop Multiple File Upload plugin because recently a nonce was added for security reasons.
    Developer has implemented a work around but nevertheless your solution can be very helpful in other cases where a specific plugin must be prevented from caching.

    Plugin Support qtwrk

    (@qtwrk)

    well , there are like millions plugins in wordpress, so no way we can have a list cover them all , but we are gradually building up such list each time when we encounter one , so if you know the nonce name from CF 7 , we will certainly add it to our prebuild list which will benefit other users who also uses CF7

    Thread Starter elsdeniep

    (@elsdeniep)

    Thanks.
    Where on https://vps.group/ is the nonce name list?
    Being a European it’s a bit hard to find my way there.
    I will certainly add nonce names when I come across it.

    Plugin Support qtwrk

    (@qtwrk)

    no , it’s my personal site , it’s in plugin file /wp-content/plugins/litespeed-cache/data/esi.nonces.txt , you can let me know the nonce name , or create a Pull Request in our github

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘The security nonce is invalid or expired.’ is closed to new replies.