Request to /wc/store/cart blocked by CORS due to "Request header field x-wc-store-api-nonce is not allowed by Access-Control-Allow-Headers in preflight response." #3815
Comments
I don't know if we need to do this yet, but for now you should be able to add that header to the allowlist via this filter in the REST API:
If you're using cart, you're going to run into samesite cookies not being passed and so you won't get the cart session attached to the browser session, you might want to file an issue in WooCommerce repository to allow filtering
@mikejolley I'm new to WP, I reckon I should add that to the functions.php file, for instance? Thanks in advance
@senadir would be able to provide an example on how to include that function and said custom cookie?
Hi there @joaojuicee 👋 offering support for custom development is outside the scope of what we are able to do here. You could try joining the WooCommerce Community Slack and see if anyone there is able to help you accomplish your goals.
I hope this link helps you.
Add the following code to your functions.php to enable CORS headers:

    // Disable nonce checks for WooCommerce Store API
    add_filter('woocommerce_store_api_disable_nonce_check', 'disable_woocommerce_store_api_nonce_check');

Solution Code: To disable nonce checks in the WooCommerce Store API, you can use the add_filter function. Keep in mind that disabling nonce checks should be done carefully and with an understanding of its security implications.
I'm building a vue app that will connect to the woocommerce API which is hosted in a different domain than the WP application.
The wordpress application is using https with a valid certificate and is running under the lemon-wp.test domain while the vue app is running on localhost.
I'm making a request to /wp-json/wc/store/cart/add-item with the requested X-WC-Store-API-Nonce header which has a valid token that I have generated via a custom endpoint using wp_create_nonce('wc_store_api'), however I keep getting blocked by CORS, here's the network error:
Access to XMLHttpRequest at 'https://lemon-wp.test/wp-json/wc/store/cart/add-item' from origin 'http://localhost:3000' has been blocked by CORS policy: Request header field x-wc-store-api-nonce is not allowed by Access-Control-Allow-Headers in preflight response.
The preflight request goes through but seems to be coming back with some errors from woocommerce, here's a dump of the response headers to the request sent by woocommerce:
To reproduce
Steps to reproduce the behavior:
https://<your_wp_domain>/api/wc-nonce
X-WC-Store-API-Nonce header
Expected behavior
I should be able to make the request being that I'm providing the required header, it doesn't make sense that the API doesn't accept the header if you're able to hit the endpoint.
Screenshots
Request headers and data
CORS error
Woocommerce response to preflight
Environment
WordPress (please complete the following information):
Desktop (please complete the following information):
Additional context
Was able to make the same request via Postman
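
The browser-side check behind the error reported in this issue, as an added example that is not part of the original thread or of WooCommerce's code. It is a simplified model of the Fetch standard's preflight header check and also covers the `*` wildcard case; the function names and all header values are constructed for illustration.

```javascript
// Added example: simplified model of the CORS preflight header check.
// All header values below are constructed samples, not captured from the site.

// Content-Type values that never need to be listed in Access-Control-Allow-Headers.
const SIMPLE_CONTENT_TYPES = new Set([
  'application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain',
]);
// Request headers that are safelisted regardless of value (value limits omitted here).
const ALWAYS_SAFELISTED = new Set(['accept', 'accept-language', 'content-language']);

// Split a comma-separated header value into lowercase header names.
function parseList(value) {
  return (value || '').split(',').map((h) => h.trim().toLowerCase()).filter(Boolean);
}

function isSafelisted(name, value) {
  if (ALWAYS_SAFELISTED.has(name)) return true;
  if (name !== 'content-type') return false;
  const mime = String(value).split(';')[0].trim().toLowerCase();
  return SIMPLE_CONTENT_TYPES.has(mime);
}

// Return the request headers that the preflight response does not permit.
// preflightResponse is an object with lowercase header names as keys.
function blockedHeaders(requestHeaders, preflightResponse, withCredentials = false) {
  const allowed = new Set(parseList(preflightResponse['access-control-allow-headers']));
  // "*" is a wildcard only for requests without credentials (cookies),
  // and it never covers Authorization.
  const wildcard = allowed.has('*') && !withCredentials;
  const blocked = [];
  for (const [rawName, value] of Object.entries(requestHeaders)) {
    const name = rawName.toLowerCase(); // header names compare case-insensitively
    if (isSafelisted(name, value) || allowed.has(name)) continue;
    if (wildcard && name !== 'authorization') continue;
    blocked.push(name);
  }
  return blocked;
}

// Constructed request resembling the one in the issue (nonce value is a placeholder).
const SAMPLE_REQUEST = {
  'Content-Type': 'application/json',
  'X-WC-Store-API-Nonce': 'constructed-nonce-value',
};
// Constructed preflight response that does not list the Store API nonce header.
const SAMPLE_PREFLIGHT = { 'access-control-allow-headers': 'Authorization, X-WP-Nonce, Content-Type' };

console.log(blockedHeaders(SAMPLE_REQUEST, SAMPLE_PREFLIGHT, true));
```

Non-browser clients such as Postman do not perform this check, which is why the same request succeeds there.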