[wp-trac] [WordPress Trac] #63371: nonce issue when using WordPress mobile app in parallel with web

WordPress Trac noreply at wordpress.org
Wed Apr 30 20:49:24 UTC 2025 

#63371: nonce issue when using WordPress mobile app in parallel with web
-------------------------------+------------------------------
 Reporter:  oferlaor           |       Owner:  (none)
     Type:  defect (bug)       |      Status:  new
 Priority:  normal             |   Milestone:  Awaiting Review
Component:  General            |     Version:  6.8
 Severity:  normal             |  Resolution:
 Keywords:  reporter-feedback  |     Focuses:
-------------------------------+------------------------------

Comment (by SirLouen):

 Replying to [comment:10 oferlaor]:
 > I understand. It's just that the site is too complex to even try to
 deploy without plugins, it's not a trivial marketing site, but a full
 blown app.

 The problem here is that if it's not reproducible, it is not sortable.

 And even if we could reproduce it under a sandbox condition you provided
 with credentials the problem could come from who knows where (and this is
 not something into the scope of the average WP developer, unless you put
 money on the table and hire an agency).

 My recommendation for you is simple:

 Try isolation. If you had a full developed by you site from scratch, the
 classic go-to is to test each part independently (even if parts are
 correlated, generally dev teams create mocks of the interconected parts to
 "simulate" they are there, but they are not actually)

 In WordPress there is a very interesting "feature", and this is the
 plugins: Plugins create this sort of isolation, since you can enable and
 disable them. So first you can start by disabling each single plugin.

 Next, you can add one or two, and test. Same for themes. You can add
 different themes, or comment out parts of your custom theme just in case.

 As a rule of thumb, if we cannot reproduce something with a maximum level
 of simplicity, it can't be fixed. Maybe you have found a bug because there
 is something in XML-RPC that is wrong or whatever, but we need to isolate
 it to the maximum level to get a conclusion and following your simple
 steps we cannot reproduce it for now.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/63371#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list