WordPress REST API, Expired Nonce from Cache results in 403 forbidden


My WordPress site sits behind Akamai, which is a caching service similar to Cloudflare.

I make the following API call:

GET /wp-json/mytheme/v1/get-posts?post_type=videos

This is done using apiFetch from '@wordpress/api-fetch';

And it automatically includes this in the request header

X-WP-Nonce: 12323423

This works fine until 24 hours later, when the nonce expires.
The cache still continues to use the expired Nonce resulting in a 403 forbidden and a broken page.

If I make the same request without Nonce header, it works perfectly fine.

Is there a way in WordPress to disable or remove the Nonce for GET requests only?

Or even strip out the X-WP-Nonce header by intercepting the Request?

This is my code for making the request, which is being made from the WordPress frontend.

     apiFetch( {
          path: '/wp-json/mytheme/v1/get-posts?post_type=videos',
          parse: false, // return the raw Response instead of parsed JSON
     } );
elMarquis
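
One way to handle the stale nonce on the client, as an added example that is not part of the original post: for a public, read-only GET route, detect the WordPress `rest_cookie_invalid_nonce` 403 and retry once with no cookies and no nonce header. It calls `fetch` directly instead of apiFetch; `getPublic`, `withoutNonce`, `isStaleNonce` and the `fakeWordPress` stub are names invented for this example, and requests that change state should keep sending the nonce.

```javascript
// Added example (not from the original post). For PUBLIC, read-only routes only.
const STALE_NONCE_CODE = 'rest_cookie_invalid_nonce'; // error code WordPress core sends with the 403

// Copy a plain headers object without X-WP-Nonce (header names are case-insensitive).
function withoutNonce(headers = {}) {
  return Object.fromEntries(
    Object.entries(headers).filter(([name]) => name.toLowerCase() !== 'x-wp-nonce')
  );
}

// True only for the "nonce check failed" 403, not for every 403 (e.g. a real permission error).
async function isStaleNonce(res) {
  if (res.status !== 403) return false;
  try {
    const body = await res.clone().json();
    return Boolean(body) && body.code === STALE_NONCE_CODE;
  } catch {
    return false; // non-JSON 403, e.g. produced by the CDN or a WAF
  }
}

// GET a public route; if the nonce baked into the cached page is stale, retry once anonymously.
// fetchImpl is injectable so the logic can be exercised offline (assumption of this example).
async function getPublic(url, headers = {}, fetchImpl = globalThis.fetch) {
  const first = await fetchImpl(url, { method: 'GET', headers, credentials: 'same-origin' });
  if (!(await isStaleNonce(first))) return first;
  // No cookies and no nonce: WordPress handles this as a logged-out request.
  return fetchImpl(url, { method: 'GET', headers: withoutNonce(headers), credentials: 'omit' });
}

// Constructed stand-in for the server: rejects the expired nonce, accepts everything else.
function fakeWordPress(expiredNonce) {
  const calls = [];
  const reply = (status, body) => ({ status, clone() { return this; }, json: async () => body });
  const fetchImpl = async (url, init) => {
    calls.push(init);
    const sent = Object.entries(init.headers).find(([n]) => n.toLowerCase() === 'x-wp-nonce');
    return sent && sent[1] === expiredNonce
      ? reply(403, { code: STALE_NONCE_CODE, data: { status: 403 } })
      : reply(200, [{ id: 1, type: 'videos' }]);
  };
  return { fetchImpl, calls };
}
```

Because the retry omits credentials, the second request carries no session for a forged request to abuse, so dropping the nonce there does not weaken CSRF protection for logged-in users.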
