403 Error in WordPress (WooCommerce) admin with multiple "sites" (rest_cookie_invalid_nonce, Cookie check failed, api-fetch, wp-json)

bedrock
, , ,
1

Hi everybody,

the text has gotten a little longer, so thank you in advance for staying with me and taking your time!

I am experiencing a problem of piling up 403 errors when in the WordPress backend, specifically the WooCommerce admin (where it hinders me to e.g., make changes to some payment settings), or also when editing a post (Gutenberg). The problem seems to be related to rest_cookie_invalid_nonce.

Here are example logs from the console

api-fetch.js?ver=064121ed1abb9ed32a10:678 
GET http://domain-one.test/wp-json/wc-admin/options?options=woocommerce_admin_transient_notices_queue%2Cwoocommerce_admin_install_timestamp&_locale=user 403 (Forbidden)

---

api-fetch.js?ver=064121ed1abb9ed32a10:678 
GET http://domain-one.test/wp-json/wp/v2/templates/twentytwentyfour//single?context=edit&_locale=user 403

“WP Multisite” vs multiple “sites”

I have tried all kinds of solutions and approaches, but to no avail, which led me to wonder, if I even understood “Multisite” vs “sites” (as per Trellis Docs) correctly.

So first off, let me please ask, if my understanding in this regard is correct, or if my approach cannot work in the first place:

Instead of installing a “WP Multisite” (i.e., one WordPress install with multiple websites), I configured my project with multiple “sites” (each having their own WordPress/Bedrock install), leaving me with a structure that looks like this:

site_domain-one (Bedrock)
   | composer.json
   | config
   |     | application.php
   |     | environments
   |     |     | development.php
   |     |     | ...
   | web
   |     | app
   |     |     | plugins
   |     |     | themes
   |     |     | ...
   |     | wp
   |     |     | ...
   | .env
   | composer.json
   | ...
site_domain-two (Bedrock)
   | composer.json
   | ...
site (more sites ...)
   | ...

trellis
   | group_vars
   | hosts
   | ...

…and group_vars/development/wordpress_sites.yml like this:

# Created by trellis-cli v1.11.1
# Documentation: https://roots.io/trellis/docs/wordpress-sites/

wordpress_sites:
  domain-one.com:
    site_hosts:
    - canonical: domain-one.test
      redirects:
      - www.domain-one.test
    local_path: ../site_domain-one
    admin_email: mymail@mail.com
    multisite:
      enabled: false
    ssl:
      enabled: false
      provider: self-signed
    cache:
      enabled: false
  domain-two.com:
    site_hosts:
    - canonical: domain-two.test
      redirects:
      - www.domain-two.test
    local_path: ../site_domain-two
    admin_email: mymail@mail.com
    multisite:
      enabled: false
    ssl:
      enabled: false
      provider: self-signed
    cache:
      enabled: false
  more-domains.com:
    ...

Again, in my understanding, I don’t have a “WP Multisite”, but multiple “sites”, with each “site” having a separate WordPress/Bedrock installation.

Question 1→ Is my understanding correct? Is it possible to setup the Roots stack like this, or is my approach wrong, and the only way to go about it is a “WP Multisite”?

Similar topics

There are very similar topics surrounding the error rest_cookie_invalid_nonce. Again, they are mostly referring to “Multisite” though, which leaves me to wonder, if they are even applicable in my case (or if I have to switch to a multisite regardless?)(see explanation above).

Especially this topic (Rest_cookie_invalid_nonce error) is very similar. I have reached out to its author, but haven’t received a reply yet. In the aforementioned topic, three other threads are also mentioned (again, all referring to Multisite):

They very much describe (parts) of my problem, but miss solutions (I could get to work).

Error

As mentioned above, the console log(s) look like:

api-fetch.js?ver=064121ed1abb9ed32a10:678 
GET http://domain-one.test/wp-json/wc-admin/options?options=woocommerce_admin_transient_notices_queue%2Cwoocommerce_admin_install_timestamp&_locale=user 403 (Forbidden)

with a preview / response of:

{code: "rest_cookie_invalid_nonce", message: "Cookie check failed", data: {status: 403}}

code: "rest_cookie_invalid_nonce"
data: {status: 403}

status: 403

message: "Cookie check failed"

My setup

  • Trellis, Bedrock, Sage
  • multiple “sites” (not WP Multisite)
  • Since the error already appears in local development (only WordPress and WooCommerce installed, with Twenty Twenty-Four theme), and judging from the similar topics, it seems to be Bedrock (or Trellis) related
  • To the best of my memory, I have not altered the Bedrock setup (but regularly installed it via Trellis-CLI)
  • The issue persists after clearing browser cache and re-provisioning via trellis provision development
  • this answer (below) suggests the following, but since its an install with only WordPress, WooCommerce, and Twenty Twenty-Four theme), I did not know, which further plugins/blocks to disable:

Question 2 → Is of course, how to solve the problem / where to look / where it likely lies / etc.?

Thank you very much for reading. Please let me know, if you need further information. I hope that someone can help (guide) me to the right solution, and that this thread then helps others to find a solution, too :slight_smile:

Very much looking forward to your replies!

P.S.: In the meantime, I have done a new fresh trellis install, with two “sites” (both only WordPress, WooCommerce, Twenty Twenty-Four) and the issue persists (in development). Pretty sure, that means that something in my config is wrong (?), but I can’t figure out what :thinking:

2

I had same issue after WooCommerce update to 8.5.0. Rollbacked to 8.4.0 and it worked.

5 Likes
3

Damn, that was actually it… Rolling back, and it works again. Thanks a lot for pointing it out! :pray:

I somehow didn’t really consider this to be an issue with such a massively used plugin :woozy_face: … and didn’t check there… but looking at the WooCommerce support forums now, they even officially reverted back to 8.4.0. — as the 8.5.0. was causing too many issues…… anyways, solution found :tada:

3 Likes
4

Thank you! I just encountered the same issue, but not with multiple sites, just a normal WordPress Bedrock Site with Sage 10 (updated). Hopefully the next WooCommerce release has this issue fixed.

5

:thinking: Interesting, the WooCommerce plugin latest version is 8.4.0 on the WordPress WooCommerce plugin directory page.

But on wpackagist (from which Bedrock installs plugins using composer)the woocommerce plugin package is also available in versions 8.5.0-beta.1; 8.5.0-rc.1 and 8.5.0. In the GitHub repository the latest (stable) available version is also 8.5.0.

So were the 8.5.0 beta, rc and stable releases actually retracted from the WordPress plugin directory, probably because of this significant issue?

6

I’ve had issues with sessions (customer login, add to cart, checkout). Rolling back to 8.4 solved the issues.

This is a really big bug…my clients lost a lot of money…