Using ajax + nonce

aksld · July 22, 2022, 9:36am

Hello,

I’m trying to send Ajax request with nonce.

My nonce is generated in setup.php and sended to my JS via bundle( 'app' )->localize();

In my ajax function wp_verify_nonce is always returning false.

am I missing something ?

Thanks

ben · July 22, 2022, 1:56pm

Please share the actual code

aksld · July 22, 2022, 3:36pm

bundle( 'admin-communication' )->enqueue();
bundle( 'admin-communication' )->localize(
	'api',
	[
		'ajax_url'                 => admin_url( 'admin-ajax.php' ),
		'nonce_product_send_email' => wp_create_nonce( 'product_send_email' ),
	]
);

fetch(api.ajax_url, {
  method: 'POST',
  credentials: 'same-origin',
  headers: {
    'Content-Type': 'application/x-www-form-urlencoded',
  },
  body: new URLSearchParams({
    action: 'acd_product_send_mail',
    // eslint-disable-next-line no-undef
    nonce: api.nonce_product_send_email,
  }),
}).then(response => response.json())
  .then(data => {
    console.log(data);
  })
  .catch(err => console.log(err))
  .finally(() => {
  });

if ( ! isset( $_POST['nonce'] ) || ! wp_verify_nonce( $_POST['nonce'], 'product_send_email' ) ) { // phpcs:ignore
    wp_send_json_error();
}

Twansparant · July 23, 2022, 6:33am

Try:
window.api.nonce_product_send_email
instead

aksld · July 25, 2022, 8:52am

Edit : finally not working, I don’t know why !

nonce: window.api.nonce_product_send_email,

Twansparant · July 25, 2022, 12:36pm

You also need to use:
window.api.ajax_url

Try logging the nonce in your action hook with syslog for example.

aksld · July 25, 2022, 1:20pm

In setup.php : 2a917e242c
In my JS file (console.log) : 2a917e242c
In ajax function (php) : [nonce] => 2a917e242c