[wp-trac] [WordPress Trac] #63371: nonce issue when using WordPress mobile app in parallel with web
WordPress Trac
noreply at wordpress.org
Wed Apr 30 19:24:44 UTC 2025
#63371: nonce issue when using WordPress mobile app in parallel with web
--------------------------+------------------------------
Reporter: oferlaor | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 6.8
Severity: normal | Resolution:
Keywords: dev-feedback | Focuses:
--------------------------+------------------------------
Comment (by oferlaor):
Just upgraded production to 6.8.1, behavior is different between 6.8 and
6.8.1!
**WHILE the mobile app is running**, wp-admin keeps trying to redirect me
to the profile page (it sometimes gets in a loop, trying to redirect the
profile page into itself).
I exit the mobile app (kill the process), I can at least work. I still see
the 403 error on:
/wp-json/wp/v2/users/me?context=edit&_locale=user
/wp-json/wp/v2/types?context=view&_locale=user
BUT once I exit the mobile app, the same REST API calls work correctly and
get a 200.
As soon as I go back into the mobile app, the desktop side
/wp-admin/admin-ajax.php will reply with
{{{
302, location: /wp-admin/profile.php
}}}
with tons of cookies, but at the end, there's
{{{
X-Redirect-By: WordPress
}}}
Again, once I exit the app, opening the /wp-admin/edit.php redirects
**once** to wp-admin/profile.php and after refreshing again, it works
correctly...
So, it's not even that I have to logout, it's like I can't have both
running simultaneously.
About the clean site: I don't have a server or place to install it on, so
I can't test the flow on a clean WP site.
Hope this is useful.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/63371#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform