Automattic\WooCommerce\StoreApi\Routes\V1

AbstractCartRoute::check_nonce() protected WC 1.0

For non-GET endpoints, require and validate a nonce to prevent CSRF attacks.

Nonces will mismatch if the logged-in session cookie is different! When testing with a REST client, set this cookie to match the logged-in cookie in your browser.

Метод класса: AbstractCartRoute{}

Хуки из метода

Возвращает

\WP_Error|true|false.

Использование

// protected - callable only from code in the declaring (parent) class or a subclass.
// $result is true when the check passed (or was disabled by filter); otherwise it is
// the error response built by get_route_error_response(), so test it before continuing.
$result = $this->check_nonce( $request );
$request (\WP_REST_Request) (обязательный)
Request object.

Код AbstractCartRoute::check_nonce() WC 8.7.0

/**
 * Require a valid Store API nonce on the request (CSRF protection for non-GET endpoints).
 *
 * The nonce is taken from the "Nonce" header, or from the deprecated
 * "X-WC-Store-API-Nonce" header when "Nonce" is absent or empty. It is verified
 * against the 'wc_store_api' action.
 *
 * @param \WP_REST_Request $request Request object.
 *
 * @return \WP_Error|true True when the nonce verifies or the check is disabled by filter;
 *                        otherwise the value built by get_route_error_response()
 *                        (presumably a \WP_Error; confirm against that helper).
 */
protected function check_nonce( \WP_REST_Request $request ) {
	$nonce          = null;
	$primary_header = $request->get_header( 'Nonce' );

	if ( $primary_header ) {
		$nonce = $primary_header;
	} else {
		$legacy_header = $request->get_header( 'X-WC-Store-API-Nonce' );

		if ( $legacy_header ) {
			$nonce = $legacy_header;

			// @todo Remove handling and sending of deprecated X-WC-Store-API-Nonce Header (Blocks 7.5.0)
			$deprecation_notice = 'Use the "Nonce" Header instead. This header will be removed after Blocks release 7.5';
			wc_deprecated_argument( 'X-WC-Store-API-Nonce', '7.2.0', $deprecation_notice );
			rest_handle_deprecated_argument( 'X-WC-Store-API-Nonce', $deprecation_notice, '7.2.0' );
		}
	}

	/**
	 * Filters the Store API nonce check.
	 *
	 * This can be used to disable the nonce check when testing API endpoints via a REST API client.
	 *
	 * NOTE(review): a truthy value here makes this method return true before any nonce is
	 * looked at, so the CSRF check is skipped for every request that reaches it. Keep any
	 * callback on this filter limited to test environments.
	 *
	 * @since 4.5.0
	 *
	 * @param boolean $disable_nonce_check If true, nonce checks will be disabled.
	 *
	 * @return boolean
	 */
	$nonce_check_disabled = apply_filters( 'woocommerce_store_api_disable_nonce_check', false );

	if ( $nonce_check_disabled ) {
		return true;
	}

	// No usable nonce header at all: answered with 401 rather than the 403 used for a bad nonce.
	if ( null === $nonce ) {
		return $this->get_route_error_response( 'woocommerce_rest_missing_nonce', __( 'Missing the Nonce header. This endpoint requires a valid nonce.', 'woocommerce' ), 401 );
	}

	// A nonce that verifies for the 'wc_store_api' action lets the request through.
	if ( wp_verify_nonce( $nonce, 'wc_store_api' ) ) {
		return true;
	}

	return $this->get_route_error_response( 'woocommerce_rest_invalid_nonce', __( 'Nonce is invalid.', 'woocommerce' ), 403 );
}