Using nonce when loading posts with AJAX

GET puts all your params on the URL like;

http://example.com/thing?foo=bar&x=y

For POST you could include all that information but it won’t show in the URL.

http://example.com/thing

Obviously if you’re thinking about security, using POST is more ideal because your params won’t show in access logs or accidentally picked up by search engines or whatever. Sending passwords using this method is ideal in additional to large amounts of data.

But what you can loose with POST is caching. Some systems will not cache a POST. Assuming you want to ditch the the cache on a GET request you can always throw on a cache buster.

http://example.com/thing?foo=bar&x=y&cache=234234234

Where &cache=<current-time-or-random-number>. And maybe that’s what you want for your more posts. To not cache them so you’re always getting the freshest of the fresh. Unfortunately if you do anything at scale this idea fails. Cache is King and controlling the cache is ideal.

Enter the TTL (Time to Live) where you can add how long you’d like your resource to be cached on the other end.

header('Expires: '.gmdate('D, d M Y H:i:s \G\M\T', time() + (60 * 60))); // 1 hour

or nocache_headers() // no caching

Now, for your case, I don’t think it matters one bit which one you use. But the questions to ask yourself should include;

  • Do you want to expose your data passed to the URL?
  • Should you be concerned with caching?
  • How can you control caching to make it optimized for your content and system?

Related Posts:

  1. Nonces and Cache
  2. Is it safe to assume that a nonce may be validated more than once?
  3. Multiple ajax nonce requests
  4. Nonces, AJAX, script variables & security in WordPress
  5. How do I check if AJAX nonces are implemented correctly?
  6. WP Admin AJAX Security – using POST to include a relative URL
  7. ajax nonce verification failing
  8. Why does check_ajax_referer give a 403 error on https websites?
  9. Should wordpress nonce be placed in html form or in javascript file
  10. Ajax Security regarding user priviliges and nonces
  11. How to get a unique nonce for each Ajax request?
  12. WordPress Ajax Data Security
  13. Nonces can be reused multiple times? Bug / Security issue?
  14. Using Nonces for AJAX that only retrieves data
  15. How to verify nonce from Bulk/Quick Edit in save_post?
  16. How to add WordPress nonces to ajax request
  17. Security – Ajax and Nonce use [closed]
  18. Nonces and Ajax request to REST API and verification
  19. Ajax function returns -1
  20. Serving nonces through AJAX is not refreshing nonce, returning 403 error
  21. wp_verify_nonce always returns false when logged in as admin
  22. ajax and nonce when JavaScript is in a seperate file
  23. wp_verify_nonce doesn’t return true on server when it matches the nonce
  24. AJAX requests broken due to HTTPS for wp-admin
  25. Why does WordPress Heartbeat login not refresh the nonces?
  26. wp-admin AJAX with Fetch API is done without user
  27. How to check an ajax nonce in PHP
  28. Can a wp_nonce created from domain 1 to be verified on domain 2?
  29. Is it safe to manually sign a user in using AJAX?
  30. how to send Ajax request in wordpress backend
  31. Identical wp_rest nonce returned from rest_api
  32. wp_create_nonce() in REST API makes user->ID zero
  33. SSO autologin WordPress + Ajax
  34. Should I check for privileges before hooking into `wp_ajax_$handle` or after?
  35. Nonce fails on ajax save
  36. Is it secure to use admin-ajax.php in front?
  37. Unable to successfully verify nonce
  38. Cache plugins and ajax nonce verification
  39. Nonce doesn’t validate in nopriv call
  40. WordPress is creating nonce as a logged in user but verifying it incorrectly
  41. javascript ajax and nonce
  42. How to check nonce lifetime value of plugins?
  43. 200 return code on ‘POST /wp-admin/admin-ajax.php’ while NOT logged in
  44. Custom RPC end-point security best pratice?
  45. How to prevent my external API call from being called by anyone but me (my site)
  46. wp_verify_nonce not working on the mobile device
  47. How do I mitigate replay attacks when talking about actions that shouldn’t happen twice?
  48. check_ajax_reffer not working when logged
  49. How to safely pass post_id and user_id via AJAX to the backend (prevent user from changing it via JS)?
  50. AJAX form not working, still reloads on submit
  51. How to use nonces for frontend AJAX voting if the page gets cached?
  52. Can I make an ajax response cross-domain?
  53. WordPress wp_localize_script nonce and ajax URL
  54. How to cache json with wp-super cache
  55. Get Previous & Next posts by Post ID
  56. ajax – why multiple calls to wp_create_nonce() return same value?
  57. AJAX request on the frontend always returns 0 if user is not admin
  58. Cannot load admin-ajax.php. No access-control allow origin*
  59. Initialize JS with an ajax loaded ACF form
  60. WordPress AJAX calls not detecting language properly?
  61. AJAX issue – Uncaught SyntaxError when processing Zip File
  62. Load ajax if is_home()
  63. Populate a Map at The Same Time as showing Posts via AJAX
  64. wp_localize_script not working on ajax response
  65. Why Does WordPress not output admin-ajax.php path by default?
  66. Test WordPress api with postman
  67. How to handle 400 status in Ajax [duplicate]
  68. How to process wordpress ajax call without action parameter?
  69. All AJAX requests return a 400 error
  70. Create custom POST Method URL
  71. Getting a variable using $post ajax back from php to js response in WP
  72. WordPress is Not Setting PHP $_POST on Custom Ajax
  73. Is it possible to determine whether a page is a page template by page_id in ajax call?
  74. Load image src through Ajax by ID?
  75. PHP session when called wp_ajax_nopriv
  76. What exactly does ‘authenticated’ mean for wp_ajax_nopriv?
  77. How to use Jeditable plugin with admin-ajax.php?
  78. WordPress Ajax Not Firing
  79. Disabling ajax code that does a POST request that ends in a 400 error code
  80. Is it good practice to use REST API in wp-admin plugin page? [closed]
  81. get a bad request 400 on my ajax-admin.php file
  82. Registration form AJAX check for existing username (simple version)
  83. Syntax error on query_vars while handling with Jquery
  84. Want to send ajax request in wordpress to a custom file in plugin
  85. How to send the checkbox value to email
  86. check_admin_referer not working in custom meta box for custom post type
  87. wp_verify_nonce fails always
  88. AJAX Call in Plugin Returns More than JSON
  89. Ajax take too long to return code
  90. problem when adding wp_editor with ajax [duplicate]
  91. Get wp-load.php PATH with wp_localize_script and JavaScript for plugin
  92. Ajax Form seems to post, but does not return
  93. Ajax request to admin-ajax.php and window.location.href
  94. delete attachment for one post without deleting actual attachment post
  95. Memberpress isn’t cooperating with WooCommerce
  96. where does my function output from load-* go?
  97. WordPress blocking polling request when signed into Admin
  98. Translating wordpress foreach to ajax
  99. AJAX loading with custom parameters
  100. Placing ajax actions in different class