Thank you for your answer, you are absolutely right.
I also corrected my mistake. I’ll post the code if it helps.
Code for Cloudflare Workers: https://gist.github.com/richie5um/b2999177b27095af13ec619e44742116
Code for WordPress :
add_filter( 'script_loader_tag', 'add_nonce_to_script', 10, 3 );
function add_nonce_to_script( $tag, $handle, $source ) {
$search = "type="text/javascript"";
$replace = "type="text/javascript" nonce=""";
$subject = $tag;
$output = str_replace($search, $replace, $subject);
return $output;
}
Related Posts:
- How does nonce verification work?
- How to expire a nonce?
- Fatal error: Call to undefined function wp_create_nonce()
- How to add/retrieve the post trash link?
- Using nonce external of WP Admin
- Nonce best practices: hidden input vs. wp_localize_script?
- “The link you followed has expired” when previewing a post
- wp_verify_nonce keeps failing
- Handling nonce generation in AJAX registration process
- increase nonce lifespan
- wp_verify_nonce() via REST always returns false
- Nonce failing in IE
- my theme breaks WP export
- Why am I getting a 403 from check_admin_referer()?
- x-wp-nonce across domains
- wp_create_nonce doesn’t verify when using WP_List_Table
- Handling expired nonces
- What is really “wp_nonce_field” and how does it work? [duplicate]
- Cannot verify nonce
- wp_verify_nonce return false despite correct parameter passed
- WordPress JSON API nonces and Vue development server
- Verify a nonce in Form submission
- phpcs error in WordPress
- Stop WordPress nonces expiring
- Several nonces?
- Nonce for Trashing Item
- Nonce keeps failing
- Public posts – preventing duplicate form submissions
- How to obtain “wp_rest” nonce for WP Statistics plugin manually?
- WordPress “nonce” message
- Why are nonces working in Firefox but not in Chrome?
- wp_verfy_nonce keeps giving false
- Nonce – reissue with ajax poll
- wp_nonce_url generating invalid links
- How to insert wp_nonce field within echoed string
- Nonce check causing issues when creating new post
- Weird nonce validation problem
- Logout button in menu without “wp” in links
- Check nonce in the new bulk_edit_posts action
- WordPress X Theme – Cloudflare Flexible SSL – Pingdom Speed Test No Longer Working?
- Nonces can be reused multiple times? Bug / Security issue?
- Using nonce in menu item
- Is it safe to assume that a nonce may be validated more than once?
- Should nonce be sanitized?
- Using Nonces for AJAX that only retrieves data
- WordPress REST API call generates nonce twice on every call
- WordPress failure when logging out
- Custom Meta Boxes – Nonce Issue – Move to trash issue
- wp_verify_nonce always returns false when logged in as admin
- Properly applying nonce to a form using AJAX
- WordPress password reset – why post rp_key?
- Nonces, AJAX, script variables & security in WordPress
- Why does WordPress Heartbeat login not refresh the nonces?
- When must I use and verify nonce?
- What SQL / WordPress queries would need a nonce?
- wp_nonce_url to users.php for deleting user not working
- How to check an ajax nonce in PHP
- wp_verify_nonce not working
- Identical wp_rest nonce returned from rest_api
- WP nonce invalid
- Cloudflare and SSL breaks wordpress – Mixed Content & Unable to use Admin
- wp_create_nonce() in REST API makes user->ID zero
- wp_create_nonce function doesn’t work inside a plugin?
- Nonce failing on form submission
- Found 2 elements with non-unique id (#_ajax_nonce) and (#_wpnonce)
- Draft preview and customize permission problems on multisite main site
- Why ajax doesn’t work on certain wordpress hooks and reload the page instead?
- Why ajax doesn’t work on certain wordpress hooks?
- Custom login doesn’t work properly
- Is there value in using a wp_nonce for POST requests?
- wp_nonce_field displaying twice
- Is it safe to use a global wp nonce per user instead of a nonce per action?
- Rest API: wp_verify_nonce() fails despite receiving correct nonce value
- Backbone with custom rest endpoints
- My elementor is not opening in WordPress because of “cloudflare-static/rocket-loader.min.js” [closed]
- Restrict Access without Creating Users
- How to add a WordPress Nonce for this form to avoid CSRF
- Using nonce when loading posts with AJAX
- Saving custom data via ajax with nonces
- Log in user using WordPress REST API
- WP_List_Table Inside Metabox With Bulk Actions Not Working on Submit
- WordPress does not show correct page
- How to add a prefix to a WordPress post preview url?
- wp_verify_nonce not working on the mobile device
- How to not cache nonces with WP Rocket?
- whether a nonce is required for get type and get_query_var?
- Unable to update plugins or log out
- Does it make sense to check a nonce on user log in?
- CSRF attack to create USER
- Register rest field authentication with REST API
- No Query String vs Ignore Query String in WordPress
- Create nonce in frontend page to edit profile
- Is it necessary to use a WordPress nonce when allowing users to download public data?
- WordPress wp_localize_script nonce and ajax URL
- Rest API nonce is being cached
- How to add a nonce check correctly to this specific code?
- Do I need to validate the nonce when using the settings api?
- Nonce validation in REST API
- How to stop a nonce from being cached in an inline script, or alternatives to regenerate it if expired?
- $_GET[”] variable with nonce verification