WooCommerce-POS icon indicating copy to clipboard operation
WooCommerce-POS copied to clipboard

Published 20 hours ago verified publisher icon kilbot

Invalid security nonce Error

Open amjad opened this issue 9 years ago • 7 comments

Whenever I open POS, I get this error:

Invalid security nonce {"errors":[{"code":"woocommerce_pos_invalid_nonce","message":"Invalid security nonce"}]}

screen shot 2015-08-04 at 9 35 01 pm

amjad avatar Aug 05 '15 02:08 amjad

Refresh the POS page to get a new security nonce.

kilbot avatar Aug 05 '15 02:08 kilbot

WooCommerce POS uses a security nonce for admin-ajax.php requests. These nonces expire after a period of time (24 hours) which means the POS has a stale nonce. A polling script is needed (possibly using the WP Heartbeat API) to check the server every so often and refresh the security nonce if required. Such a script could also be used for keeping local data in sync and background downloading.

kilbot avatar Aug 08 '15 04:08 kilbot

Hi Paul - this issue has been impacting us for a few weeks. We the sent the WC POS team an email or two (3 actually!) but I know with the release of WooCommerce 3.0 you have probably been super busy! Not sure if this note will reach you first, but we get this error message all the time (every week if not a few times a week), so we just have to save payment information for every customer who makes an order in person that day and process it later. Do you have any tips on resolving the issue? Is there a polling script that has been created yet? Thanks for writing whenever able!

calebweeks avatar Apr 26 '17 20:04 calebweeks

Hi @calebweeks, sorry I haven't gotten back to you sooner.

WordPress issues a nonce (security token) for AJAX calls. This nonce should be valid for 24 hours. POS users that log out of WordPress everyday should not see an invalid nonce error.

If you are seeing nonce errors one a day, you should log out of the POS and then log back in. If you are doing this and still see nonce errors, then there must be some other factor involved, for example, if you have the POS open in one tab and the WP Admin open in another tab.

In version 0.5, WooCommerce POS will not use AJAX calls at all - everything will go through the REST API. This should stop the dreaded invalid nonce error one and for all.

kilbot avatar Apr 27 '17 04:04 kilbot

@kilbot - Thanks for you're quick note back, Paul!

So, in case anyone happens to stumble upon this, the issue was with our caching plugin, WP Rocket. WP Rocket is awesome(!) but we needed to simply tell it to not cache our /pos/ URL. Once we entered it in, all is well!

Even still, we look forward to your work with the REST API, and really appreciate WC POS. Keep up the good work, Paul!

calebweeks avatar Apr 28 '17 02:04 calebweeks

This message appears always in 0.5 beta when clicking in the Barcode Field input in POS > Settings > Products.

wpos

campsjos avatar May 11 '17 08:05 campsjos

hi @campsjos

just a quick word to say this is not the same error

you should be able to fix by replacing line 38 of includes/ajax.php in woocommerce-pos-pro with

$pass = check_ajax_referer( \WC_POS\PLUGIN_NAME, 'security', false );

as @kilbot said in #170 beta2 is on its way and will fix this along with bringing WC 3.0 compatibility

thomasmery avatar May 11 '17 09:05 thomasmery