Automattic\WooCommerce\StoreApi\Routes\V1

AbstractCartRoute::check_nonce │ protected │ WC 1.0

For non-GET endpoints, require and validate a nonce to prevent CSRF attacks.

Nonces will mismatch if the logged in session cookie is different! If using a client to test, set this cookie to match the logged in cookie in your browser.

Метод класса: AbstractCartRoute{}

Возвращает

\WP_Error|true|false.

Использование

// protected - в коде основоного (родительского) или дочернего класса
$result = $this->check_nonce( $request );

$request(WP_REST_Request) (обязательный)

Request object.

Код AbstractCartRoute::check_nonce() AbstractCartRoute::check nonce ^{WC 10.4.3}

protected function check_nonce( \WP_REST_Request $request ) {
	$nonce = null;

	if ( $request->get_header( 'Nonce' ) ) {
		$nonce = $request->get_header( 'Nonce' );
	}

	/**
	 * Filters the Store API nonce check.
	 *
	 * This can be used to disable the nonce check when testing API endpoints via a REST API client.
	 *
	 * @since 4.5.0
	 *
	 * @param boolean $disable_nonce_check If true, nonce checks will be disabled.
	 *
	 * @return boolean
	 */
	if ( apply_filters( 'woocommerce_store_api_disable_nonce_check', false ) ) {
		return true;
	}

	if ( null === $nonce ) {
		return $this->get_route_error_response( 'woocommerce_rest_missing_nonce', __( 'Missing the Nonce header. This endpoint requires a valid nonce.', 'woocommerce' ), 401 );
	}

	if ( ! wp_verify_nonce( $nonce, 'wc_store_api' ) ) {
		return $this->get_route_error_response( 'woocommerce_rest_invalid_nonce', __( 'Nonce is invalid.', 'woocommerce' ), 403 );
	}

	return true;
}