Error when saving email templates

Resolved bboehm33
(@bboehm33)

1 month ago
Hello,

I am experiencing an issue with saving email templates in the Double Opt-In plugin (Version 3.7.2) for Contact Form 7. (free version)

When I click ‘Publish’ or ‘Save’ in the email template editor, I receive the following error:

{“code”:”rest_forbidden”,”message”:”You are not allowed to perform this action.”,”data”:{“status”:401}}

Details:
- PUT requests to /wp-json/f12-doi/v1/email-templates/ return a 401 error
- GET requests to the same endpoint work fine
- I am logged in as Administrator
- The issue persists even with all other plugins deactivated (only CF7 and your plugin are active)
- My hosting provider confirmed that no PUT requests are blocked on the server side
- WordPress version: 6.9
- PHP version: 8.x
The Double Opt-In functionality itself works correctly — only saving email templates in the visual editor fails.

Could you please help me resolve this issue?

Thank you!

Viewing 6 replies - 1 through 6 (of 6 total)

Plugin Support forge12marc
(@forge12marc)

1 month ago
Hi @bboehm33 ,
Thanks for the detailed report. I’ve reviewed our REST code for v3.7.2 and it looks correct on both sides (the PUT route is registered properly, the admin permission check is standard
manage_options, and the editor sends the X-WP-Nonce header on save). The 401 rest_forbidden response means WordPress itself sees the request as not authenticated when processing the PUT — even
though GET from the same page works. That almost always points to something in the environment, not the plugin.

Could you run these checks for me so we can narrow it down?

Open DevTools → Network tab, reproduce the error, click the failed PUT request, and check the Request Headers:
- Is there a Cookie: header, and does it include a value starting with wordpress_logged_in_…?
- Is there an X-WP-Nonce: header with a value (not empty)?
Please send me a screenshot of the Request Headers section (you can redact the cookie values). This is the single most important piece of information.

Timing test:
- Open the email editor and immediately (within a few seconds) click Save. Does it still fail?
- If it only fails after the editor has been open for a while → expired nonce.
- If it fails immediately on a fresh load → something is stripping auth on PUT.
Check for MU-plugins / security plugins that stay active even when “all plugins are deactivated”:
- Look in wp-content/mu-plugins/ — is there anything in there?
- Are Wordfence, iThemes/Solid Security, NinjaFirewall, WP Cerber, or similar installed (even if deactivated in the plugin list)? Some register as must-use plugins and keep running.
Enable WP debug logging:

In wp-config.php:
```
define( 'WP_DEBUG', true );
define( 'WP_DEBUG_LOG', true );
define( 'WP_DEBUG_DISPLAY', false ); 
```
Reproduce the error once, then send me the last ~50 lines of wp-content/debug.log.

Host / WAF question (please ask your host specifically this, not just “do you block PUT”):

Does your WAF, ModSecurity, or reverse proxy strip or modify Cookie or X-WP-Nonce headers on PUT requests to /wp-json/*? And do preflight OPTIONS requests pass through with credentials?

“We don’t block PUT” is not the same as “we pass PUT headers through unchanged” — this wording forces a precise answer.

Are you behind Cloudflare or another CDN?

If yes, try temporarily pausing Cloudflare (Overview → Pause on Site) and retry. Bot Fight Mode and some security rules strip auth on non-GET requests.

Quick isolation test: open the editor in a private/incognito window, log in fresh as administrator, edit a template, save immediately. Does it still fail?

Once I have the answers (especially #1 and the debug log from #4), I can tell you exactly what’s happening. Based on what you’ve described so far, my best guesses are an expired nonce from a
long editor session, or a host-side WAF rule stripping cookies on PUT — but I need the headers to confirm.

Thanks,
Marc
Rock a Robot!
(@revilo2020de)

2 weeks, 3 days ago

Hello!

I just installed the plugin (free version) and configured a double opt-in for a form. This went very well and it looks great. However I also cant save or publish email-templates in the editor. I keep getting a red notice saying “Error saving the template. Please try again.”

Might be similar to the error described above. I already tried the “Timing Test” and the “Quick isolation test”. And I don’t use Cloudflare or a CDN.

Any ideas or solutions?

Best Regards,
Oliver
Rock a Robot!
(@revilo2020de)

2 weeks, 2 days ago
I found the reason:
```
{
    "success": false,
    "message": "Vorlage enth\u00e4lt Pro-Bl\u00f6cke, die eine Lizenz erfordern: footer"
}
```
I created a new template using the “minimal clean” design. It contains te “footer”-block, which is a Pro-block and stops me from saving an edited version as long as I use the free plugin-version. When I delete it, I can save the template.

Maybe you can change the error-notice to ouput the specific reason as provided in the response-code above.
Plugin Support forge12marc
(@forge12marc)

2 weeks, 2 days ago

Hi @revilo2020de,

Apologies for the delayed reply! Glad to hear you were able to resolve the issue. If anything else comes up, feel free to open a new thread anytime.

Just a quick heads-up: we’re working on a major update for the plugin that will be released soon. It introduces new features, improves the UX, and addresses a number of known issues.

Best regards,
Marc

Rock a Robot!
(@revilo2020de)

2 weeks, 2 days ago

Great to hear, I’m looking forward to this! Don’t do too many changes to the UX. I had the plugin up and running within ten minutes (apart from the issue), which was a really good user experience. 😉

Thread Starter bboehm33
(@bboehm33)

1 week, 6 days ago

Thank you so much for this information!

I was also able to solve the problem by creating a template without a predefined design. This can be saved and published now.

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.