Fixed

Oops! Something went wrong, please try again or contact us... Failed nonce.

C-Studio 4 years ago updated by Jan Thiel 2 months ago 5

Hi,

I constantly get the error: Oops! Something went wrong, please try again or contact us...
Failed nonce.

It works the first hour (or something) and after that it gets broken... Who can help me :)

https://www.c-studio.nl/review

Under review

That usually means that you are caching the page with the Form on it for more than an hour. WordPress uses nonce to make sure the Form submission is coming from your site. They are only good for a limited time. I would suggest not caching the page the Form is on.

Hey Josh,

we recently came across the same issue and solved it temporarily with a cache exclusion.

Still, I wanted to reach out to you regarding a more scalable solution. Cache exclusions require you to know exactly where your functionality is used. And as this is a public-facing function, caching of the page is something we want to use as much as possible.

We discussed this internally and came up with some possible solutions I wanted to share with you, as we do agree that you want to prevent spam reviews using the endpoint.

Yet nonces might not be the only solution to do so.

Considering the review form "just like any other public form", we want to suggest two possible solutions which would both allow full caching of the site and are implemented in other comparable solutions (GravityForms for example):

  1. Implement a Captcha like https://www.cloudflare.com/de-de/products/turnstile/ or https://www.google.com/recaptcha/about/ instead of the nonce check to secure the call
  2. Load the review form using AJAX to always get a fresh nonce and allow the remaining parts of the page to be cached

Looking forward to your feedback.

Best Regards,

Jan
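
A sketch of option 2 from the post above, added here as an illustration and not taken from the plugin or from anyone in this thread: the cached page asks the server for a fresh nonce at load time and sends it back with the review. The action names `example_review_nonce` and `example_review_submit` and the `review` field are hypothetical; the WordPress functions used are core APIs.

```php
<?php
// Added illustration, not the plugin's code. The action names
// 'example_review_nonce' / 'example_review_submit' and the 'review'
// field are hypothetical.
//
// Client side (on the cached page): POST action=example_review_nonce to
// admin-ajax.php, copy data.nonce into the form's 'nonce' field, then
// submit the form with action=example_review_submit.

// 1. Endpoint the cached page calls to obtain a fresh nonce.
function example_review_send_nonce() {
    // Mark the response uncacheable so a page cache or CDN never stores
    // a nonce; otherwise the stale-nonce problem moves to this endpoint.
    nocache_headers();
    wp_send_json_success( array(
        'nonce' => wp_create_nonce( 'example_review_submit' ),
    ) );
}
add_action( 'wp_ajax_example_review_nonce', 'example_review_send_nonce' );
add_action( 'wp_ajax_nopriv_example_review_nonce', 'example_review_send_nonce' );

// 2. Submission handler: verify the nonce before touching the input.
function example_review_handle_submit() {
    // Third argument false: return the result instead of dying, so the
    // handler can answer with a structured JSON error.
    if ( ! check_ajax_referer( 'example_review_submit', 'nonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Failed nonce.' ), 403 );
    }
    $review = isset( $_POST['review'] )
        ? sanitize_textarea_field( wp_unslash( $_POST['review'] ) )
        : '';
    if ( '' === $review ) {
        wp_send_json_error( array( 'message' => 'Empty review.' ), 400 );
    }
    // Storing the review is left to the plugin.
    wp_send_json_success();
}
add_action( 'wp_ajax_example_review_submit', 'example_review_handle_submit' );
add_action( 'wp_ajax_nopriv_example_review_submit', 'example_review_handle_submit' );
```

For logged-out visitors WordPress derives the nonce from user ID 0 and an empty session token, so every anonymous visitor receives the same value within a nonce tick. The nonce therefore ties a submission to a recent request to the site, and a captcha as in option 1 remains the control against automated spam.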

Okay, I can look at it.

The default lifespan for WordPress nonce is 24 hours, so you should be able to use a cache lifetime up to that value.

Hey Josh,

thank you very much for looking into this.

Optimal caching works event-based - update of the content in particular - contrary to time-based. Why invalidate something from the cache without any need? As such even 24 hours are a very short time for static content.

And that's how it's usually implemented within the popular Plugins like WP-Rocket or W3 Total Cache or all the other plugins for example.

Just for reference :-)

Best Regards,

Jan