Map Widget missing _wpnonce parameter

This topic contains 3 replies, has 2 voices, and was last updated by  Stiofan O’Connor 4 years, 8 months ago.

We have moved to a support ticketing system and our forums are now closed.

Open Support Ticket
  • #541284

    Fernando Tessmann
    Free User
    Post count: 3

    The Map Widget is missing the _wpnonce parameter.

    Without this parameter, there is no way to identify a logged-in user on the REST API.

    In the map_ajax_search() function (geodirectory/assets/js/map.js file), this is solved by adding this code to the Ajax call:

    data : '_wpnonce=' + eval(map_canvas_var)._wpnonce,

    Attached is the screenshot of the code added to the file, so it was possible to use the functions is_user_logged_in() and wp_get_current_user() on the filter geodir_rest_posts_clauses_where.

    Thank you.

    #541339

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    Hello,

    Nonces there would prevent caching, and as we show logged-in and logged-out users the same results, there is no need for them. Do you have a specific need for this?

    Stiofan

    #541350

    Fernando Tessmann
    Free User
    Post count: 3

    Hi Stiofan,

    Thank you for your reply.

    I agree my solution was not the best. The correct way is to use an HTTP header for this, leaving the site to decide whether or not to cache the nonce header (since all the WP (PHP) requests should have the nonce header, I don’t see a problem; it’s a standard).

    As for the reason my client needed it: he wanted to hide some posts based on some specific rule – a rule only used for logged-in users.

    My code worked great on these 3 filters:
    – geodir_main_query_posts_where
    – geodir_filter_widget_listings_where
    – geodir_rest_markers_query_where

    But not on the geodir_rest_posts_clauses_where filter, because there I can’t see which user is logged in.

    If I can suggest something, it would be to add the header to this Ajax request. You would keep to the WordPress standards and the request would behave like all the other PHP requests, leaving the cache system to decide whether or not the cache should consider the nonce header.

    I hope all this makes sense.

    Thank you so much for your plugin and time.

    Best,
    Fernando

    #541571

    Stiofan O’Connor
    Site Admin
    Post count: 22956

    Hi Fernando,

    We used to use nonces and we had to remove them; we had lots of problems with caching, and we don’t control users’ cache. If you set a nonce then the REST API deals with authentication automatically, and if it’s expired then it will reject it.

    The nonce in the WP REST API just checks for the cookies; I guess you could manually check the cookies.

    Thanks,

    Stiofan
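
The header approach discussed in this thread, sketched as an added example (not GeoDirectory's code and not posted by either participant). The route passed in and the fetchImpl parameter are hypothetical; the X-WP-Nonce header and the rest_cookie_invalid_nonce error code are WordPress core's. It sends the nonce only when one exists and retries anonymously if the nonce is rejected, for instance because it came from a cached page:

```javascript
// Added example, not GeoDirectory code. The route passed in and the
// fetchImpl parameter are hypothetical; X-WP-Nonce and the
// rest_cookie_invalid_nonce error code come from WordPress core.

// Build fetch() arguments. The nonce travels in a header, so the URL is
// identical for logged-in and logged-out visitors.
function buildRestRequest(restUrl, nonce) {
  const headers = { Accept: 'application/json' };
  const init = { method: 'GET', headers, credentials: 'same-origin' };
  if (nonce) {
    headers['X-WP-Nonce'] = nonce; // value from wp_create_nonce('wp_rest')
    init.cache = 'no-store';       // keep per-user results out of the browser cache
  }
  return { url: restUrl, init };
}

// Fetch results. If the nonce is rejected (for example it was baked into a
// cached page and has expired), retry once without it, so the server treats
// the request as coming from user 0 and returns only public results.
async function fetchPosts(restUrl, nonce, fetchImpl = globalThis.fetch) {
  const first = buildRestRequest(restUrl, nonce);
  let res = await fetchImpl(first.url, first.init);
  let nonceSent = Boolean(nonce);
  if (nonce && res.status === 403) {
    const err = await res.json().catch(() => ({}));
    if (err.code !== 'rest_cookie_invalid_nonce') {
      return { nonceSent, status: 403, data: err }; // a real permission error
    }
    const anon = buildRestRequest(restUrl, null);
    res = await fetchImpl(anon.url, anon.init);
    nonceSent = false;
  }
  return { nonceSent, status: res.status, data: await res.json() };
}
```

Because the URL no longer varies per user, any shared cache that keys on URL alone must be configured not to store responses to requests carrying X-WP-Nonce, and the server-side filter has to treat user 0 as the least-privileged case.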
