WordPress Admin-ajax returns error 403

Resolved mambrogi
(@mambrogi)

1 year, 6 months ago

hello folks,

I am using LSCache provided with my hosting provider paired with their service Netson Ultra Cache and WordPress Plugin.
It works quite like a charm, if it was not for a blocking error with admin-ajax.php page which, once the site have been cached, it is no longer accessible as it responds with a Forbidden 403 error…

I already tried to setup exclusions like in the screenshot, and added some headers to the Ajax call, but nothing changed

https://www.litespeedtech.com/support/forum/attachments/screenshot-2024-10-02-alle-14-15-57-png.4007/

any hint, as the website is now stuck with a load-more pagination completely blocked

tyvm

The page I need help with: [log in to see the link]

Viewing 5 replies - 1 through 5 (of 5 total)

Plugin Support

qtwrk

(@qtwrk)

1 year, 6 months ago

no , the issue is about admin-ajax.php itself , but more like the nonce token

on which page you got it 403 ?

Thread Starter

mambrogi

(@mambrogi)

1 year, 6 months ago

on the main page of the atravisio.com website there is a pagination logic, which loads more contents upon scroll.

once the cache is stored though, if you start scrolling, you end up with a 403 error on admin-ajax.php page and the paginations fails.

right now I have purged the cache and therefore you won’t face the error, once the cache will be stored, the error will rise again.

It’s not a nonce issue, as the code worked fine before installing LSC and everytime I purge the cache…

<?php

namespace App;

use App\View\Composers\Homepage;
use function Roots\view;

class Ajax
{
    /**
     * Action argument used by the nonce validating the AJAX request.
     *
     * @var string
     */
    public const NONCE = 'ajax-nonce';

    /**
     * Ajax constructor.
     */
    public static function register(): void
    {
        $handler = new self();

        add_action('wp_ajax_load_more_articles', [$handler, 'loadMore']);
        add_action('wp_ajax_nopriv_load_more_articles', [$handler, 'loadMore']);
    }

    public static function getNonce(): string
    {
        return wp_create_nonce(self::NONCE);
    }

    private static function checkAjaxReferer(): void
    {
        check_ajax_referer(self::NONCE, 'security');
    }

    public function loadMore(): void
    {
        self::checkAjaxReferer();
        $page = isset($_POST['page']) ? intval($_POST['page']) : 1;
        $post_id = isset($_POST['post_id']) ? intval($_POST['post_id']) : null;
        $catID = isset($_POST['catID']) && $_POST['catID'] !== '' ? intval($_POST['catID']) : null;
        $composer = new Homepage();
        $per_page = get_option('paginazione');

        $data = $composer->griglia($page, $per_page, $post_id, $catID);

        if (!empty($data['items'])) {
            $html = view('components.griglia-hp', ['griglia' => $data])->render();
            wp_send_json_success(['html' => $html]);
        } else {
            wp_send_json_error('No more items');
        }
    }
}

Ajax::register();

and the JS:

...
$.ajax({
    type: 'POST',
    url: wp['ajaxUrl'],
    data: {
      action: 'load_more_articles',
      security: wp['security'],
      page: currentPage + 1,
      post_id: postID,
      catID: catID,
    },
    headers: {
      'X-Requested-With': 'XMLHttpRequest'  // Intestazione aggiuntiva per le richieste AJAX
    },
....