Automattic\WooCommerce\StoreApi\Routes\V1
AbstractCartRoute::check_nonce()
For non-GET endpoints, require and validate a nonce to prevent CSRF attacks.
A nonce fails validation if the logged-in session cookie sent with the request differs from the one the nonce was issued for. When testing with an API client, set that cookie to match the logged-in cookie in your browser.
Метод класса: AbstractCartRoute{}
Хуки из метода
Возвращает
\WP_Error|true|false
.
Использование
// protected: callable only from code inside the main (parent) class or a child class.
$result = $this->check_nonce( $request );
- $request(\WP_REST_Request) (обязательный)
- Request object.
Код AbstractCartRoute::check_nonce() AbstractCartRoute::check nonce WC 7.5.1
/**
 * Enforces the Store API nonce on a request, as the CSRF defence for non-GET endpoints.
 *
 * The nonce is taken from the "Nonce" header, falling back to the deprecated
 * "X-WC-Store-API-Nonce" header (which also raises deprecation notices). It is verified
 * with wp_verify_nonce() against the 'wc_store_api' action. A nonce sent alongside a
 * different logged-in session cookie than the one it was issued for will not verify.
 *
 * @param \WP_REST_Request $request Request object.
 * @return \WP_Error|bool True when the nonce verifies or the check is disabled by filter;
 *                        otherwise the 401 (missing nonce) or 403 (invalid nonce) response
 *                        built by get_route_error_response().
 */
protected function check_nonce( \WP_REST_Request $request ) {
	$nonce = $request->get_header( 'Nonce' );

	if ( ! $nonce ) {
		// An empty/falsy "Nonce" header counts as absent; try the legacy header before giving up.
		$nonce        = null;
		$legacy_nonce = $request->get_header( 'X-WC-Store-API-Nonce' );

		if ( $legacy_nonce ) {
			$nonce = $legacy_nonce;

			// @todo Remove handling and sending of deprecated X-WC-Store-API-Nonce Header (Blocks 7.5.0)
			// Both notices are raised before the filter below runs, so they fire even when the check is disabled.
			wc_deprecated_argument( 'X-WC-Store-API-Nonce', '7.2.0', 'Use the "Nonce" Header instead. This header will be removed after Blocks release 7.5' );
			rest_handle_deprecated_argument( 'X-WC-Store-API-Nonce', 'Use the "Nonce" Header instead. This header will be removed after Blocks release 7.5', '7.2.0' );
		}
	}

	/**
	 * Filters the Store API nonce check.
	 *
	 * This can be used to disable the nonce check when testing API endpoints via a REST API client.
	 *
	 * Security note: a truthy value makes this method return true before any nonce is looked at,
	 * so requests pass this CSRF check with a missing or invalid nonce. Keep it limited to
	 * test environments.
	 *
	 * @param boolean $disable_nonce_check If true, nonce checks will be disabled.
	 *
	 * @return boolean
	 */
	$nonce_check_disabled = apply_filters( 'woocommerce_store_api_disable_nonce_check', false );

	if ( $nonce_check_disabled ) {
		return true;
	}

	// 401: the client sent no usable nonce header at all.
	if ( null === $nonce ) {
		return $this->get_route_error_response(
			'woocommerce_rest_missing_nonce',
			__( 'Missing the Nonce header. This endpoint requires a valid nonce.', 'woocommerce' ),
			401
		);
	}

	// 403: a nonce was supplied but does not verify for the 'wc_store_api' action.
	return wp_verify_nonce( $nonce, 'wc_store_api' )
		? true
		: $this->get_route_error_response(
			'woocommerce_rest_invalid_nonce',
			__( 'Nonce is invalid.', 'woocommerce' ),
			403
		);
}