Automattic\WooCommerce\StoreApi\Routes\V1
AbstractCartRoute::check_nonce()
For non-GET endpoints, require and validate a nonce to prevent CSRF attacks.
Nonces will mismatch if the logged in session cookie is different! If using a client to test, set this cookie to match the logged in cookie in your browser.
Метод класса: AbstractCartRoute{}
Хуки из метода
Возвращает
\WP_Error|true|false
.
Использование
// protected - в коде основоного (родительского) или дочернего класса $result = $this->check_nonce( $request );
- $request(\WP_REST_Request) (обязательный)
- Request object.
Код AbstractCartRoute::check_nonce() AbstractCartRoute::check nonce WC 9.8.1
protected function check_nonce( \WP_REST_Request $request ) { $nonce = null; if ( $request->get_header( 'Nonce' ) ) { $nonce = $request->get_header( 'Nonce' ); } /** * Filters the Store API nonce check. * * This can be used to disable the nonce check when testing API endpoints via a REST API client. * * @since 4.5.0 * * @param boolean $disable_nonce_check If true, nonce checks will be disabled. * * @return boolean */ if ( apply_filters( 'woocommerce_store_api_disable_nonce_check', false ) ) { return true; } if ( null === $nonce ) { return $this->get_route_error_response( 'woocommerce_rest_missing_nonce', __( 'Missing the Nonce header. This endpoint requires a valid nonce.', 'woocommerce' ), 401 ); } if ( ! wp_verify_nonce( $nonce, 'wc_store_api' ) ) { return $this->get_route_error_response( 'woocommerce_rest_invalid_nonce', __( 'Nonce is invalid.', 'woocommerce' ), 403 ); } return true; }