[wp-trac] [WordPress Trac] #53618: Nonce use for AJAX calls interferes with page caching
WordPress Trac
noreply at wordpress.org
Wed Jul 7 11:52:49 UTC 2021
#53618: Nonce use for AJAX calls interferes with page caching
--------------------------+-----------------------------
 Reporter:  galbaras      |      Owner:  (none)
     Type:  defect (bug)  |     Status:  new
 Priority:  normal        |  Milestone:  Awaiting Review
Component:  Security      |    Version:  5.7.2
 Severity:  normal        |   Keywords:
  Focuses:                |
--------------------------+-----------------------------

There are many plugins, most notably Contact Form 7, that use nonce values
to secure AJAX calls to the server. Since nonce values expire after 24
hours at the most, cached pages that contain nonces stop working if the
page is not refreshed during that time.

This is a serious limitation of the nonce mechanism. Sorry I don't have a
better idea, but I'm hoping that others will put their heads together and
come up with one, because there are MANY people discussing this on the
web.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/53618>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
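
The expiry behaviour the ticket describes, as an added example that is not part of the original message and is not WordPress's own code: a simplified Python model of a tick-based nonce (a counter that advances every half lifetime, with the current and previous tick accepted), showing how long a nonce baked into a cached page keeps verifying. The secret key, the HMAC-SHA256 stand-in for the site's hash, and all function names are assumptions.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 24 * 3600            # the 24-hour lifetime the ticket refers to
SECRET = b"constructed-demo-key"  # constructed stand-in for the site's secret salt


def nonce_tick(now):
    """Half-lifetime counter: advances every NONCE_LIFE / 2 seconds."""
    return math.ceil(now / (NONCE_LIFE / 2))


def create_nonce(action, now, tick_offset=0):
    """Nonce bound to the action and to the tick in force at `now`."""
    msg = f"{nonce_tick(now) - tick_offset}|{action}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()[:10]


def verify_nonce(nonce, action, now):
    """Return 1 (current tick), 2 (previous tick) or 0 (expired or invalid)."""
    for age in (0, 1):
        if hmac.compare_digest(nonce, create_nonce(action, now, age)):
            return age + 1
    return 0


def cached_page_lifetime(cached_at, action="submit-form", step=60):
    """Seconds a nonce embedded in a page cached at `cached_at` keeps verifying."""
    nonce = create_nonce(action, cached_at)
    t = cached_at
    while verify_nonce(nonce, action, t):
        t += step  # the cached HTML, and the nonce inside it, never change
    return t - cached_at


if __name__ == "__main__":
    half = NONCE_LIFE // 2
    # Constructed timestamps: one minute after / before a tick boundary.
    for label, cached_at in (("just after a tick boundary", 100 * half + 60),
                             ("just before a tick boundary", 101 * half - 60)):
        hours = cached_page_lifetime(cached_at) / 3600
        print(f"page cached {label}: nonce verifies for about {hours:.1f} h")
```

In this model the usable window is between half the lifetime and the full lifetime, depending on where in a tick the page was generated, so a page cache that holds HTML longer than the shorter figure can serve a nonce that no longer verifies.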