Renew nonce to prevent expiration and Updating failed message #9260
Comments
Thank you for writing this up! Do you think the underlying cause might be the same as in #8892? Note: I consider this a bug. I'm also adding the |
Good catch, I missed that one. It does seem different to me from #8892, since I'm still logged in when I experience the error. The period of time needed to trigger this error seems much lower than the period of time that my login session expires; e.g., ~12-24 hours rather than ~2-14 days (depending on the |
Cool. Thanks for checking that! Let the testing commence. 😁 |
Saw this happen again, it is the nonce expiring. Request
Response
|
This is meant to be improved by adding a fresh nonce into WordPress' existing heartbeat response. Possible you have this disabled? |
Hmm, I don't think so. I'm sure I've never intentionally done that, and can't think of any plugins that would. IIRC, I've seen this happen on production sites w/ plugins and also local dev sites without any other plugins. |
The nonce should be refreshed automatically if heartbeat is enabled, I'll do some testing to see if the code that handles the nonce refresh is still working correctly - quite a bit has changed since this was introduced. |
Tested and confirmed using WordPress 4.9.8 and Gutenberg 4.0 that leaving an editor window open for a long time results in an "Updating failed" error on screen and the following error in the console:
And the following API response for autosaves:
|
Might be related: https://core.trac.wordpress.org/ticket/37569 and https://core.trac.wordpress.org/ticket/24447 |
Would this even be technically possible upon returning from idle if the computer had idled longer than the valid nonce duration? |
From Slack chat today:
Needs additional technical exploration. |
I looked into this a bit. Looks like all requests sent through The heartbeat ticks are returning a I need to dig into it a bit more to see why the |
@earnjam That's basically the same thing that I ended up at. It looks to me, like the middleware function which contains the I also noticed that the I also looked into having the middleware hook in after the API request is made to grab the latest nonce from the API response, but I can't find a way to actually hook in and get the headers data (Only the final response seems to be available) from middleware without also altering api-fetch itself to throw an action |
That looks to be the case, Putting together #11347 after that comment seems to be working as expected. As a bonus, the |
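Added example (not from the thread and not Gutenberg's own code): a small simulation of the failure mode discussed above, where a fetch middleware keeps sending the nonce it was created with even after a heartbeat tick has delivered a newer one. The middleware factories, the fake server, the nonce strings and the `rest_nonce` payload key are assumptions made for illustration.

```javascript
// Added illustration; all names are hypothetical, not taken from api-fetch.

// Stale pattern: the nonce is captured once, so a later refresh never reaches requests.
function createFrozenNonceMiddleware(nonce) {
  return (options, next) =>
    next({ ...options, headers: { ...options.headers, 'X-WP-Nonce': nonce } });
}

// Refreshable pattern: the nonce lives on a property that other code can overwrite.
function createRefreshableNonceMiddleware(nonce) {
  const middleware = (options, next) =>
    next({ ...options, headers: { ...options.headers, 'X-WP-Nonce': middleware.nonce } });
  middleware.nonce = nonce;
  return middleware;
}

// Constructed stand-in for the REST endpoint: only the currently valid nonce is accepted.
function createFakeServer() {
  const server = { validNonce: 'nonce-day-1' };
  server.handle = (options) =>
    options.headers['X-WP-Nonce'] === server.validNonce
      ? { status: 200 }
      : { status: 403 };
  return server;
}

// Simulates: a save succeeds, the nonce expires while the tab sits idle,
// a heartbeat tick delivers a new nonce, then the editor saves again.
function simulateIdleTab(createMiddleware) {
  const server = createFakeServer();
  const middleware = createMiddleware('nonce-day-1');
  const save = () => middleware({ path: '/wp/v2/posts/1', headers: {} }, server.handle);

  const before = save().status;
  server.validNonce = 'nonce-day-2';                        // old nonce expired server-side
  const heartbeatResponse = { rest_nonce: 'nonce-day-2' };  // assumed payload key
  middleware.nonce = heartbeatResponse.rest_nonce;          // what a heartbeat handler would do
  const after = save().status;
  return { before, after };
}

console.log('frozen:', simulateIdleTab(createFrozenNonceMiddleware));
console.log('refreshable:', simulateIdleTab(createRefreshableNonceMiddleware));
```

With the frozen middleware the second save is rejected even though the client received the new nonce; with the refreshable one it succeeds.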
Thanks! |
I have freshly installed WordPress on an Ubuntu 18.04 local machine, and when I try to add a page it says the same message |
@Suraj151 On the request that is returning 403, can you see what the response is? |
@earnjam
When I hit update a second time it shows the response as then autosave is called at a specific interval, which gets the same nonce-invalid response as above. One interesting thing is that I have 3-4 pages, and out of those pages only one page has this error on update. The other pages get updated successfully.
Now whenever I comment out the lines inside the above if condition, that page gets updated successfully, and when I remove the comment it fails to update that page. Here I know that I am updating the page as admin, so it should not go inside that if condition, so why does the above scenario happen? This is all me playing around. As a beginner I am interested to know about it. I know it's dirty to make such customizations, but my concern is about how only that page gets the error and why commenting out those lines makes it successful. |
Sorry, it's my mistake. I did not read the function's description clearly as per the code reference doc
Then on some searching I found so after replacing is_admin() with is_super_admin() it is working fine. |
@Suraj151 Thanks for the follow-up. I would suggest using |
I'm getting this message all the time and it is basically rendering WordPress unusable as you can't save your work. Just updated WordPress (5.1.1); the only thing that works is to log off and on again, and then after a few auto saves it's back to failing again! Massively annoying |
@TeamKinetic to confirm, are you seeing similar messages referencing the |
Describe the bug
I often will keep a tab open in the editor for hours, days, or weeks, while working on a post. I'll make some edits, then mull things over while doing something else, then come back to jot some ideas or refine something.
While doing that with Gutenberg, I've often noticed that, when I come back and start typing, I'll see an Updating failed error. If I had to guess, I'd say that the nonce used in the save draft API request has expired, so the request fails.
If that's the case, then I think that Gutenberg should automatically renew the nonce to prevent this from happening. IIRC, Core already does this with the Heartbeat API or something similar.
Related Issues
#9146, #8241, and #4590 are related, but seem like a different underlying cause, because in those cases the error seems to happen on every save attempt (often caused by CloudFlare blocking the API request), whereas here the API requests work normally at first, and then start to fail only after a period of time has passed.
IIRC, I've experienced this both in production environments behind CloudFlare, and also in my local development environment.
To Reproduce
NONCE_KEY
or something similar.
Updating failed error.
Screenshots
Desktop (please complete the following information):