Help with AJAX front end comment moderation

Seems to me that the only problem is that you put the full approve url in the link, in this ways when you click the link you trigger the ajax and open the page url in the link.

To be more clear your link is something like:

<a class="p3-comment-moderation" href="https://wordpress.stackexchange.com/questions/128383/admin-ajax.php?action=p3_comment_approve&comment_id=123&nonce=xxxxx" data-comment_id="123" data-nonce="xxxxx">Approve</a>

thanks to the javascript, when you click on the link you launch an ajax request but, there is nothing that prevent the default link behaviour to be triggered, and so the admin-ajax.php is required to the browser, and thanks to the header statement in your code, then the page comes back again to current page.

So, actually, this is what happen:

  1. the ajax is triggered
  2. admin-ajax.php is open by the url in the a tag
  3. the page is sended again to previous page because of the header("Location: ".$_SERVER["HTTP_REFERER"]) statement in your code

I know that putting the full url in the link is the right way to make it works even if the user has javascript disabled, but when javascript is enabled you must prevent the default link behaviour, this can be done via the preventDefault() js function.

So, in your javascript replace 

jQuery(".p3-comment-moderation").click( function() {

with

jQuery(".p3-comment-moderation").click( function(e) {
    e.preventDefault();

After that everything should work as expected.

If, like I guess, this is the only problem, this question is a pure javascript one, so off-topic here. However, to make my answer more WordPress relevant I want add some tips (nothing that make the script work or not, just best practice and improvements).

Tip 1: Escape attributes and links

When in WordPress you output something in the html output as tag property, best practice is escape it with esc_attr, in general use all esc_* function when applyable

$p3_edit_links="<a class="p3-comment-moderation" href="" . $p3_approve_link . '" data-comment_id="' . $comment_id . '" data-nonce="' . $nonce . '">Approve</a>';

is better wrote:

$p3_edit_links_f="<a class="p3-comment-moderation" href="https://wordpress.stackexchange.com/questions/128383/%s" data-comment_id="%d" data-nonce="https://wordpress.stackexchange.com/questions/128383/%s">";
$p3_edit_links = sprintf($p3_edit_links_f, esc_url($p3_approve_link), esc_attr($comment_id), esc_attr($nonce) );

I know that you getting urls and attributes from WP core functions, however once almost all output from core can be filtered is good to apply data validation (although data validation functions can filtered too…)

Tip 2: use core constant to check ajax requests

In your code there’s

if( ! empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {

to check if the current request is from ajax. In WordPress when you properly use admin-ajax.php (like you do) you can check ajax request looking for DOING_AJAX constant, so the previous conditional statement becomes:

if ( defined('DOING_AJAX') && DOING_AJAX ) {

Tip 3: use core function to output json and exit script

Your code

$result = json_encode($result);
echo $result;
...
die();

can be wrote in one line, using the core wp_send_json function

wp_send_json( $result );

Tip 4: avoid direct superglobals access

when you have to handle superglobals ($_REQUEST, $_GET, $_POST…) to avoid notices you should always check that the key you are looking for is setted, so your

if ( ! wp_verify_nonce( $_REQUEST['nonce'], 'p3_comment_moderation' ) ) {

is better wrote:

if ( ! isset($_REQUEST['nonce']) || ! wp_verify_nonce( $_REQUEST['nonce'], 'p3_comment_moderation' ) ) {

However, is even better to use filter_var instead of accessing superglobals directly

$nonce = filter_var( INPUT_GET, 'nonce', FILTER_VALIDATE_STRING);
if ( empty($nonce) ) $nonce = filter_var( INPUT_POST, 'nonce', FILTER_VALIDATE_STRING);
if ( ! wp_verify_nonce( $nonce, 'p3_comment_moderation' ) ) {

Related Posts:

  1. Performance optimization of tree like structure
  2. JavaScript implementation of Gzip
  3. Is there a JavaScript API? How to access public and private data in JS?
  4. How to HTML5 FormData Ajax
  5. Update user meta using with ajax
  6. How to properly use wp.ajax.post?
  7. WordPress AJAX Login Screen
  8. Custom PHP endpoint for a plugin’s AJAX call
  9. How to link WordPress heartbeat to ajax form
  10. Refused to execute script from ‘***’ because its MIME type (‘text/html’) is not executable, and strict MIME type checking is enabled
  11. WordPress Ajax Login without page reload
  12. How to correctly load wordpress in a non WP script for AJAX request
  13. Dynamically changing navigation links (next and previous) via AJAX
  14. Drag and drop multiple file upload using Ajax WordPress
  15. Quick Edit: Selected Custom Taxonomy Not Refreshing After Save
  16. Vue.js + AJAX Shortcode
  17. Turn jQuery.ajax() request into XMLHttpRequest (vanilla JavaScript)
  18. fetching via fetch/ajax gutenberg block data from third party
  19. ajax and nonce when JavaScript is in a seperate file
  20. admin-ajax.php HTTP400: BAD REQUEST – The request could not be processed by the server due to invalid syntax
  21. AJAX issue – Uncaught SyntaxError when processing Zip File
  22. WordPress AJAX Call Not Return Result
  23. Nonces, AJAX, script variables & security in WordPress
  24. Extending wp JavaScript base class to make a post request to a custom REST endpoint
  25. How to localized one js file for different actions?
  26. wp-admin AJAX with Fetch API is done without user
  27. Insert wp_editor on front-end with AJAX?
  28. Admin Ajax and HTML5 Formdata
  29. Call javascript function when category was added via ajax
  30. Populating content dynamically via AJAX and Advanced Custom Fields [closed]
  31. Woocommerce Ajax Add cart not working
  32. Using AJAX with Forms
  33. Three level taxonomy dropdown frontend
  34. Ajax Modal Flickers When Opened Multiple Times
  35. Show Post Content with AJAX
  36. Load JavaScript from a post that’s loading into Fancybox via ajax
  37. splitting the URL using jQuery
  38. AJAX Load more on CPT returning random posts
  39. Refresh Markercluster after ajax call
  40. Making an ajax request from a different domain
  41. How do I query posts by a sub value with the API?
  42. Radio buttons live refresh in the customizer
  43. Gravity Forms closes my popup on Validation Error [closed]
  44. Is it secure to use admin-ajax.php in front?
  45. Why is wp_localize_script returning false?
  46. Best way to use ajax front-end?
  47. Using admin-ajax prevents regular php form submission
  48. wp_ajax declaration confusing for Front end
  49. wp_mail doesn’t work when logged in?
  50. Hide Load more Ajax button if there is no more users to load or less than the number?
  51. How to disable drag-and-drop upload function in Media Library?
  52. Making POST request with AJAX returns a 400 error (without jQuery)
  53. How to get post from pure frontend AJAX (using only post ID)?
  54. Is there a better way to access transients using javascript
  55. Run javascript upon successfully set featured image
  56. admin-ajax.php (aborted) error when using jQuery.get
  57. Replace link with form to pass variables to javascript / ajax
  58. Ajax page load without reload
  59. Load page HTML content through AJAX
  60. How to display contact form 7 form in vanilla js without jquery in frontend
  61. Get uploaded attachment width & height and attachment ID after upload them
  62. Get localize of a loaded javascript
  63. Updating failed. The response is not a valid JSON response. specific to my browser when I include javascript in my html
  64. Uncaught TypeError: Cannot read properties of undefined (reading ‘message’) [closed]
  65. Refresh checkout fields on add to cart with order bump
  66. Refresh Gutenberg with JS for it show updated post
  67. javascript onClick update user_meta from jquery.ajax
  68. how to make sure js is enabled before executing php function
  69. How to Object.freeze wp_localize_script
  70. How to pass value from ajax to php in no conflict mode?
  71. How to prevent my external API call from being called by anyone but me (my site)
  72. ERROR while passing data from JS to PHP via AJAX
  73. Ajax sometimes work and sometimes just don’t work
  74. React to AJAX adding to the page
  75. Download doccument on server rather than clients browser
  76. Using existing ajax data that is loaded into page
  77. Javascript output now showing in custom widget
  78. Ajax call from Plugin using Class
  79. Ajax call on class returns old data
  80. How to safely pass post_id and user_id via AJAX to the backend (prevent user from changing it via JS)?
  81. Ajax show custom post data form & script
  82. AJAX form not working, still reloads on submit
  83. Create a post with REST API and adding a category
  84. Update user meta via ajax from frontend, saving issue
  85. Ajax WordPress pass post URLs
  86. Edit user meta on front-end via AJAX
  87. Jquery wrap permalink in a data-attribute?
  88. How to test if in dashboard, bypassing Ajax quirk
  89. Session variables lost during Ajax calls – WordPress – Sage Starter Theme
  90. ‘Dehighlighting’ navigation once clicked
  91. ajax page template
  92. Bad Request when adding new post via ajax form
  93. AJAX admin Internal 500 error Failed to Upload
  94. Using Javascript Callback from plugin in a theme
  95. WordPress Ajax send response on every iteration of a loop
  96. Running js in html code with same content
  97. How to get current_user_id from wordpress in node js?
  98. AJAX call not initializing for non-admins in WordPress
  99. Escaping admin_url output being passed to js (esc_js vs esc_url)
  100. How to submit a button automatically after every scheduled hours?