that looks good in my eyes. but i just had the same issue, that’s why i stumbled over your question.
i fixed it in my case with
if (!wp_verify_nonce($_POST['nonce'], 'nonce')) {
die(__('Security Check failed', 'textdomain'));
}
at the very beginning of my ajax action. no idea, where the 403 issue came from, since it worked on desktop machines, but not on my mobile. weird.. give it a shot and let me know, if this helps.
one other thing i saw in your code, but not sure, if it is causing issues: one time you use single quotes, the other time doubles. try to be consistent here.
Related Posts:
- Nonces and Cache
- Is it safe to assume that a nonce may be validated more than once?
- Multiple ajax nonce requests
- AJAX requests broken due to HTTPS for wp-admin
- Nonces, AJAX, script variables & security in WordPress
- How do I check if AJAX nonces are implemented correctly?
- WP Admin AJAX Security – using POST to include a relative URL
- ajax nonce verification failing
- Using nonce when loading posts with AJAX
- Should wordpress nonce be placed in html form or in javascript file
- Ajax Security regarding user priviliges and nonces
- How to stop a nonce from being cached in an inline script, or alternatives to regenerate it if expired?
- How to get a unique nonce for each Ajax request?
- WordPress Ajax Data Security
- Nonces can be reused multiple times? Bug / Security issue?
- SSL breaks customizer: page isn’t returned from ajax
- Using Nonces for AJAX that only retrieves data
- How to verify nonce from Bulk/Quick Edit in save_post?
- How to add WordPress nonces to ajax request
- Security – Ajax and Nonce use [closed]
- Nonces and Ajax request to REST API and verification
- Ajax function returns -1
- Serving nonces through AJAX is not refreshing nonce, returning 403 error
- wp_verify_nonce always returns false when logged in as admin
- ajax and nonce when JavaScript is in a seperate file
- wp_verify_nonce doesn’t return true on server when it matches the nonce
- Why does WordPress Heartbeat login not refresh the nonces?
- wp-admin AJAX with Fetch API is done without user
- How to check an ajax nonce in PHP
- Can a wp_nonce created from domain 1 to be verified on domain 2?
- Is it safe to manually sign a user in using AJAX?
- how to send Ajax request in wordpress backend
- Identical wp_rest nonce returned from rest_api
- wp_create_nonce() in REST API makes user->ID zero
- SSO autologin WordPress + Ajax
- Should I check for privileges before hooking into `wp_ajax_$handle` or after?
- How can I set cookies on both secure and non-secure origins at the same time?
- Nonce fails on ajax save
- Images loading over http instead of https
- Is it secure to use admin-ajax.php in front?
- Unable to successfully verify nonce
- Cache plugins and ajax nonce verification
- Nonce doesn’t validate in nopriv call
- WordPress is creating nonce as a logged in user but verifying it incorrectly
- javascript ajax and nonce
- How to check nonce lifetime value of plugins?
- 200 return code on ‘POST /wp-admin/admin-ajax.php’ while NOT logged in
- Custom RPC end-point security best pratice?
- How to prevent my external API call from being called by anyone but me (my site)
- wp_verify_nonce not working on the mobile device
- How do I mitigate replay attacks when talking about actions that shouldn’t happen twice?
- check_ajax_reffer not working when logged
- How to safely pass post_id and user_id via AJAX to the backend (prevent user from changing it via JS)?
- AJAX form not working, still reloads on submit
- How to force the admin-ajax.php file to load over HTTPS?
- How to use nonces for frontend AJAX voting if the page gets cached?
- Can I make an ajax response cross-domain?
- WordPress wp_localize_script nonce and ajax URL
- How does the security of admin_ajax.php work?
- How to cache json with wp-super cache
- Can I use the same nonce for multiple requests on the same page?
- Is there a way to force ssl on certain pages
- Admin Notification after save_post, when ajax saving in gutenberg
- Cannot load admin-ajax.php. No access-control allow origin*
- Initialize JS with an ajax loaded ACF form
- WordPress Nonce Issue for Ajax Login and Logout
- How to modify wp_ajax function?
- Vue.js + AJAX Shortcode
- wp_ajax action is not running
- How do I set the url to make an ajax request for a html document?
- Populating content dynamically via AJAX and Advanced Custom Fields [closed]
- Create Page With wp_insert_post() and AJAX
- How to handle 400 status in Ajax [duplicate]
- How to process wordpress ajax call without action parameter?
- WordPress ajax works on FF but not on IE & chrome
- Are there any security risks when submitting data-attribute data through AJAX?
- Is it safe to use admin-ajax.php in the frontend?
- Why do Metabox use Nonces?
- WordPress action – Pass arguments into action in an AJAX call?
- Need help with ajax
- Get title and featured image using Ajax
- My function containing a mysql query launched by ajax is not working in wordpress. What am I missing?
- https rewrite not working for All in one security Brute force > rename login url
- Wp admin ajax load more
- wordpress ajax search posts
- How to inject data content from external json into a modal, using UIkit?
- Ajax by worpdress affects called jquery inside template file
- Having a self updating list
- First time doing Ajax with WP, how to do it?
- Unexpected WordPress search results
- WordPress Get Header and Footer using in Admin Area
- ajax page template
- Using Javascript Callback from plugin in a theme
- Why does my Ajax Get request give a 400 bad request?
- AJAX loading with custom parameters
- Adding custom fields to Wired Impact Volunteer Management Plugin
- Placing ajax actions in different class
- How to update my jquery/PHP function to add/remove user as favorites in (WordPress) users list
- randomly get 400 error while user is logged in wp_ajax
- register_rest_route to send via ajax as guest results to 403