Dokan dokan_pageview nonce conflict with cache plugins #2472

Open
dan504301 opened this issue Dec 8, 2024 · 0 comments

dan504301 commented Dec 8, 2024

Bug Description

Issue Summary

The dokan_pageview action has a conflict with cache plugins.

Description

The issue arises because dokan_pageview uses a nonce that expires after approximately 24 hours. When the nonce expires, any cached product page triggers a 403 Forbidden error in the browser's console, displaying:

Error: admin-ajax.php access denied

This issue affects all Dokan-powered websites using caching plugins that cache product pages.

Tested on various Dokan websites from my personal list.

Summary  
URL: /wp-admin/admin-ajax.php  
Status: 403  
Source: Network  
Initiator: jquery.min.js:2:80630  

Request  
:method: POST  
:scheme: https  
:path: /wp-admin/admin-ajax.php  
Accept: */*  
Accept-Encoding: gzip, deflate, br  
Accept-Language: en-US,en;q=0.9  
Content-Length: 58  
Content-Type: application/x-www-form-urlencoded; charset=UTF-8  
Cookie: [REDACTED]  
Origin: [REDACTED]  
Priority: u=3, i  
Referer: [REDACTED]  
Sec-Fetch-Dest: empty  
Sec-Fetch-Mode: cors  
Sec-Fetch-Site: same-origin  
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15  
X-Requested-With: XMLHttpRequest  

MIME Type: application/x-www-form-urlencoded; charset=UTF-8  
action: dokan_pageview  
_ajax_nonce: [REDACTED]  
post_id: [REDACTED]  

Response  
:status: 403  
Access-Control-Allow-Credentials: true  
Access-Control-Allow-Origin: [REDACTED]  
Alt-Svc: h3=":443"; ma=86400  
Cache-Control: no-cache, must-revalidate, max-age=0  
cf-cache-status: DYNAMIC  
cf-ray: [REDACTED]  
Content-Encoding: br  
Content-Type: text/html; charset=UTF-8  
Date: [REDACTED]  
Expires: Wed, 11 Jan 1984 05:00:00 GMT  
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}  
Pragma: no-cache  
Referrer-Policy: strict-origin-when-cross-origin, origin-when-cross-origin  
Report-To: {"endpoints":[{"url":"[REDACTED]"}],"group":"cf-nel","max_age":604800}  
Server: cloudflare  
Strict-Transport-Security: max-age=31536000; includeSubDomains  
Vary: Accept-Encoding  
X-Content-Type-Options: nosniff  
x-envoy-hostname: nginxreplace-contour-envoy-m9229  
x-envoy-upstream-service-time: 1430  
X-Frame-Options: SAMEORIGIN  
x-robots-tag: noindex  

Steps to Reproduce

1. Enable a cache plugin (e.g., LiteSpeed Cache, WP Rocket, etc.).
2. Visit a product page while the dokan_pageview nonce is valid.
3. Allow the nonce to expire (typically 24 hours).
4. Revisit the same cached product page.
5. Check the browser console for a 403 Forbidden error.
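
The expiry behaviour reported above, as an added example (not Dokan's or WordPress's code): a simplified Python model of WordPress core's tick-based nonce scheme, showing how long a nonce baked into cached HTML stays usable. It assumes dokan_pageview is verified with the standard core nonce check; the salt, helper names and timestamps are constructed.

```python
import hashlib
import hmac

NONCE_LIFE = 24 * 3600   # WordPress default nonce lifetime (one day)
HALF = NONCE_LIFE // 2   # one "tick" lasts half the lifetime (12 hours)
SECRET = b"constructed-demo-salt"  # constructed stand-in for the site's nonce salt


def nonce_tick(now: int) -> int:
    """Tick counter: integer ceiling of Unix time / 12 hours."""
    return -(-now // HALF)


def _token(tick: int, action: str, uid: int) -> str:
    # Simplified: core also mixes in a session token for logged-in users.
    msg = f"{tick}|{action}|{uid}".encode()
    return hmac.new(SECRET, msg, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action: str, now: int, uid: int = 0) -> str:
    """Nonce bound to the action, the user and the tick the page was rendered in."""
    return _token(nonce_tick(now), action, uid)


def verify_nonce(nonce: str, action: str, now: int, uid: int = 0) -> int:
    """Return 1 (current tick), 2 (previous tick) or 0 (rejected, i.e. the 403)."""
    tick = nonce_tick(now)
    for result, candidate in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_token(candidate, action, uid), nonce):
            return result
    return 0


def seconds_until_rejected(rendered_at: int) -> int:
    """Remaining lifetime of a nonce embedded in a page rendered at rendered_at."""
    # Accepted through the end of the tick after the one it was created in.
    return (nonce_tick(rendered_at) + 1) * HALF - rendered_at


def cache_ttl_is_safe(ttl_seconds: int) -> bool:
    """Conservative check: the page must be purged before the 12-hour worst case."""
    return ttl_seconds < HALF
```

In this model the usable lifetime of a cached nonce ranges from 12 hours (page rendered at the end of a tick) to just under 24 hours (rendered at the start of one), so the 403 can appear well before a full day has passed.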
