x-wp-nonce across domains


I’ve installed WPML with a multiple domain configuration (one domain per language).

The wrong thing is that, when editing for example a post while using a different domain from the main, it just throws errors in the javascript console

The main error is related to Gutenberg functionality and issues with the nonce

Access to XMLHttpRequest at https://example.com …. has been blocked
by CORS policy: Request header field x-wp-nonce is not allowed by
Access-Control-Allow-Headers in preflight response.

Essentially looking at the XHR headers of the given URL, I can see that the x-wp-nonce in the primary domain has not been set-up (although I can see the nonce in the var wpApiSettings correctly set up).

Maybe this is an issue with how the wp-api.js is coded or maybe, it tries to set up the nonce, in the HOST header, instead of the default domain header (which is the one that tries to fulfill the Request Header field in the error).

This is also strange, because in the wpApiSettings it clearly knows which the root URL is…

Not sure if I’m able to proceed to solve this issue somehow.

If I could fetch the wpApiSettings nonce somehow I could force attach it to the headers and it will solve the issue, but I doubt this is possible.

Any other ideas?

, SirLouen 3 years 2019-12-07T17:04:31-05:00 0 Answers 96 views 0

Leave an answer