
WordPress: Cookie check failed with REST API with AJAX call

I have created a REST API that is invoked on page load using AJAX to fetch post meta data. To ensure security, I've implemented a 'permission_callback' to restrict access to only administrator users. The relevant portion of my code is as follows:

```php
// register rest api route
add_action('rest_api_init', 'register_api_endpoints');
function register_api_endpoints() {
    register_rest_route('api/v1/', '/getdata/', array(
        'methods' => 'GET',
        'callback' => 'rest_api_callback',
        'args' => array(
            'id' => array(
                'required' => true,
            ),
        ),
        'permission_callback' => 'check_permission',
    ));
}

//check user permission callback
function check_permission() {
    return current_user_can('administrator');
}

function enqueue_custom_scripts() {
    wp_enqueue_script('jquery');
    $inline_nonce = wp_create_nonce('my_inline_nonce');
    wp_localize_script('jquery', 'my_ajax_object', array('ajax_nonce' => $inline_nonce));
}
// Function to enqueue scripts with nonce
add_action('wp_enqueue_scripts', 'enqueue_custom_scripts');

// Hook the ajax functionality to the wp_footer action
add_action('wp_footer', 'get_ajax_html');
function get_ajax_html() {
    $html = '<script>
        jQuery.ajax({
            url: "/wp-json/api/v1/getdata?id=1",
            method: "GET",
            headers: {
                "X-WP-Nonce": my_ajax_object.ajax_nonce,
            },
            contentType: "application/json; charset=utf-8",
            dataType: "json",
        })
    </script>';
    echo $html;
}

// rest api callback
function rest_api_callback($data) {
    //get current user id
    $user_id = get_current_user_id();
    $post_id = sanitize_text_field($data['id']);
    $result = get_post_meta($post_id);
    if (!empty($result)) {
        return rest_ensure_response($result);
    } else {
        return new WP_Error('empty', 'No results found', array('status' => 404));
    }
}
```

However, I am encountering the following error during the AJAX call:

```json
{
    "code": "rest_cookie_invalid_nonce",
    "message": "Cookie check failed",
    "data": {
        "status": 403
    }
}
```

I'm including a screenshot to illustrate the issue.

I've observed that the user ID is also displaying as 0 within the 'rest_api_callback()' function when I comment out the 'permission_callback' in the 'rest_api_init' callback and the 'X-WP-Nonce' in the AJAX call. The API response works in this scenario. However, my goal is to enforce permissions, allowing only admin users to call the API during the page load for logged-in users. I'm seeking guidance on implementing the necessary permissions while still ensuring the API response works correctly.

The answer is in the docs (https://developer.wordpress.org/rest-api/using-the-rest-api/authentication/):

> For developers making manual Ajax requests, the nonce will need to be passed with each request. The API uses nonces with the action set to `wp_rest`. ...
>
> If no nonce is provided the API will set the current user to 0, turning the request into an unauthenticated request, even if you're logged into WordPress.

The only thing you should do is change

```php
$inline_nonce = wp_create_nonce('my_inline_nonce');
```

into

```php
$inline_nonce = wp_create_nonce('wp_rest');
```

December 30, 2023
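
The question's snippet with the answer's change applied, as an added example that is not part of the original thread. The `example/v1` namespace, the `example_*` names, the `manage_options` capability check and the `id` validation are assumptions made for illustration; the nonce is emitted only to users who would pass the permission check.

```php
<?php
// Added example; example/v1 and the example_* names are hypothetical.
add_action('rest_api_init', function () {
    register_rest_route('example/v1', '/getdata', array(
        'methods'  => 'GET',
        'callback' => 'example_get_meta',
        // Capability check instead of the role name (assumed to mean "admins only").
        'permission_callback' => function () {
            return current_user_can('manage_options');
        },
        'args' => array(
            'id' => array(
                'required'          => true,
                'validate_callback' => function ($value) {
                    return is_numeric($value) && (int) $value > 0;
                },
                'sanitize_callback' => 'absint',
            ),
        ),
    ));
});

function example_get_meta(WP_REST_Request $request) {
    $meta = get_post_meta($request['id']);
    if (empty($meta)) {
        return new WP_Error('empty', 'No results found', array('status' => 404));
    }
    return rest_ensure_response($meta);
}

add_action('wp_enqueue_scripts', function () {
    // Visitors who cannot pass the permission check get no nonce and no request.
    if (!current_user_can('manage_options')) {
        return;
    }
    $url = wp_json_encode(esc_url_raw(rest_url('example/v1/getdata')));
    // The action must be wp_rest: that is the action the REST cookie check verifies.
    $nonce = wp_json_encode(wp_create_nonce('wp_rest'));
    // Source-less handle that only carries the inline script, printed after jQuery.
    wp_register_script('example-getdata', false, array('jquery'), null, true);
    wp_enqueue_script('example-getdata');
    wp_add_inline_script('example-getdata', sprintf(
        'jQuery.ajax({url: %s, data: {id: 1}, dataType: "json", headers: {"X-WP-Nonce": %s}})'
        . '.done(function (meta) { console.log(meta); });',
        $url,
        $nonce
    ));
});
```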
