wordpress.org – My /wp-admin/* Pages Break (rest_cookie_invalid_nonce) When Activating Cloudflare AMP Optimizer Worker | WP REST API Issues

Question

Hopefully, someone can help guide me in the right direction or give me some insight into this issue.

Background:
We have a WordPress site and we are using the Official AMP Plugin Reader Theme since our theme is not AMP compatible. We found out that the AMP Project has released a worker – https://github.com/ampproject/cloudflare-amp-optimizer/ to optimize AMP pages. The steps will be listed below of what we have done.

METHOD 1:
We followed all of the instructions listed in the above repo. I used their command, npx @cloudflare/wrangler generate my-worker https://github.com/ampproject/cloudflare-amp-optimizer to create the worker using that repo as a reference. I enabled the KV Cache via the config.json file and created the environments and KV bindings as instructed with the command wrangler kv:namespace create "KV" --env=prod and wrangler kv:namespace create "KV" --env=prod --preview. This same process was done with the beta and dev environments. After the wrangler.toml and config.json files were configured per that repo’s instructions, I used the command npm run prod # calls wrangler publish --env=prod. You can see my example repo here – https://github.com/TugT4G/t4g-new-worker-amp-prod.

The weird thing is, that wrangler publish command I listed above, npm run prod # calls wrangler publish --env=prod, to publish my project doesn’t seem to publish the prod environment at all as I cannot see any added Environment Variables or KV Namespace Bindings via Settings of the worker.
Environments – Bindings Not Listed
On top of that:

  1. There are thousands of “Client Disconnected” and “Script Threw Exception” errors with very few Success requests.
  2. Also, I see a KV is not defined error in the console.
    KV is not defined
  3. The route I added gets added to the worker’s “Additional routes” as expected. However, this prevents me from being able to access any of my /wp-admin/* pages, therefore, admins nor anyone else can log in to our site and everyone gets logged out. It simply redirects everyone back to the login page.
  4. If I use my host or WPMUDEV to log into our admin account to WordPress, I receive this error: {"code":"rest_cookie_invalid_nonce","message":"Cookie nonce is invalid","data":{"status":403}}. I looked that up and it seems to be a cache issue or a conflict with the WP REST API.

I also published the worker then add the Environment Variables and KV Namespace Bindings manually and the errors are gone but the {"code":"rest_cookie_invalid_nonce","message":"Cookie nonce is invalid","data":{"status":403}} error is still there.

METHOD 2:
When I use the command wrangler publish --env=prod instead of npm run prod # calls wrangler publish --env=prod, however, it tells me, of course, I need a route to publish that environment, so I add the route, which is the same as in method 1, and it publishes that environment along with the “Environment Variables” and “KV Namespace Bindings”:
Environments – Bindings Listed
I can now see the “Environment Variables” and “KV Namespace Bindings” in the “Settings” of the worker without having to add them manually. However, my “Additional route” that is added to the worker still prevents all users from logging in and logs out all users. When this project is published, there are no KV is not defined errors or “Client Disconnected” and “Script Threw Exception” errors. It’s all successful requests. I cannot keep the additional route enabled and the workers.dev route is null so that is kept deactivated.

Another Test I Ran:
I created a subdomain and added the DNS records to Cloudflare. Then I activated the worker and routed it to my subdomain. I have had none of the following issues in terms of logging in or being logged out. There was no {"code":"rest_cookie_invalid_nonce","message":"Cookie nonce is invalid","data":{"status":403}} error or Invalid Nonce error and I could access my /wp-admin/* pages just fine.

If that’s the case, what in the world could cause that {"code":"rest_cookie_invalid_nonce","message":"Cookie nonce is invalid","data":{"status":403}} error I mentioned with my domain? I have now confirmed that the worker isn’t causing the issue but something in WordPress is. With the below things I have done, I really have no clue what the next step would be.

Other Things I have Done:

  1. I have deactivated all of my plugins
  2. Cleared my cache and cookies
  3. Prevented WP Rocket and Cloudflare from caching /wp-json/, /login, /wp-admin/*, and /register.
  4. Set the Browser Cache TTL and Edge Cache TTL is set to 4 hours
  5. Changed to the default theme
  6. Removed my .htaccess file
  7. I have deactivated all of my plugins, .htaccess file, and put Cloudflare in Development Mode at the same time
  8. Finally, I disabled REST API and restricted it to authenticated users.

Nothing has worked, unfortunately.

My Questions:

  1. How do I fix that {"code":"rest_cookie_invalid_nonce","message":"Cookie nonce is invalid","data":{"status":403}} error so we can finally use the Cloudflare AMP Optimizer worker?

Thanks and regards

0
Tug 5 months 2021-06-28T22:14:24-05:00 0 Answers 0 views 0

Leave an answer

Browse
Browse