We recently migrated a Bedrock/Sage Multisite from an AWS instance to Kinsta. This site is also using Gutenberg and custom blocks created through Carbon Fields. Everything seemed to be working fine, so we pointed the DNS to the new server. Then we tried updating content, and that’s where the issues appeared, but it’s only happening on 2 of 4 sites in the multisite network.
When we try to edit content, say edit a paragraph or add a new test page, we get an “updating failed” error.
Another issue happening is happening to the Media Library across the sites. When we try to add a PDF file to the Media Library, the file appears, and the file thumbnail appears as normal, but the attachment link goes to a 404 page, even though the file path is the same as another PDF that was added prior to the migration.
Seems to be coming from Bedrock because I copied the site to a staging environment, de-activated all plugins, and switched to the default Twenty Nineteen WP theme, and still had the same “updating failed” issue.
It seemed to be a file permissions error, but Kinsta support is saying that is not the case.
I’m attaching a couple screenshots of the console errors I’m getting. It seems like the editor is not able to talk to the JSON API, but I have no idea why.
One of my co-workers ran into a slightly similar issue where a site behind Cloudflare was having trouble publishing stuff w/ Gutenberg. It turned out the issue there was that Gutenberg (as you pointed out) tried to use REST API calls to do stuff, which means it’s making HTTP requests. Cloudflare interpreted some of the content of those HTTP requests (I think embeds, possibly) as malicious content, and blocked them, which caused some issues with Gutenberg. You might see if you have Cloudflare or a similar product that could be intercepting those requests and stopping them.
From my co-worker:
go to network tab, hilight the network request that is getting the 403 error, switch to “Preview” view, and you’ll actually see the Cloudflare response with an explanation of what it’s doing. “we’ve blocked this content for X and Y reasons” and it will include the IP it’s seeing the attack come from in there too.
Thanks for the insight! I took a look at the network settings, and it looks like both 403 errors are showing this: “{“code”:“rest_cookie_invalid_nonce”,“message”:“Cookie nonce is invalid”,“data”:{“status”:403}}”
It doesn’t look like anything Cloudflare-related. We aren’t using that. I wonder if it’s something Kinsta-related?
I guess there are 2 elements with the same id _wpnonce on the page.
Thus, the AJAX requests failed to find a valid nonce.
Try disable some plugins/blocks to find the culprit.
Thanks for your insight. I did try making a staging copy of the site yesterday and disabled all plugins and switched themes to the default Twenty Nineteen theme, with no Carbon Fields blocks enabled.
I still had the same error. So I’m wondering if it’s not a theme issue, but rather a Bedrock config issue?
