altcha-org/wordpress-plugin

Make nonce optional

Closed this issue · 3 comments

oxyc commented

Currently, using this plugin prohibits page caching for more than 12h due to nonce requirements.
I don't know about other form plugins, but at least Gravity Forms and core login do not use nonces, so they do support long caching.

Another option would be to return the nonce from the challenge REST API, but I kind of don't see the requirement for it to begin with. I'd argue it's up to the form to define if a nonce is needed or not for its function.

oxyc commented

By the way, I'm happy to open a PR if this is a feature you would accept.

ovx commented

Hi, the nonces are there only because people from WordPress didn't want to publish the plugin in the directory without it. But as you mentioned, almost none of the other plugins have it, so I think we can try to remove nonces completely (they don't add any value or security anyway) and if the WordPress people have a problem with it, add it back again.

You're welcome to make a PR, or I can do it later.

ovx commented

Fixed in version 1.9.0