Dokan dokan_pageview nonce conflict with cache plugins
Bug Description
Issue Summary
The dokan_pageview action has a conflict with cache plugins.
Description
The issue arises because dokan_pageview uses a nonce that expires after approximately 24 hours. When the nonce expires, any cached product page triggers a 403 Forbidden error in the browser's console, displaying:
Error: admin-ajax.php access denied
This issue affects all Dokan-powered websites using caching plugins that cache product pages.
Tested on various Dokan websites from my personal list.
Summary
URL: /wp-admin/admin-ajax.php
Status: 403
Source: Network
Initiator: jquery.min.js:2:80630
Request
:method: POST
:scheme: https
:path: /wp-admin/admin-ajax.php
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Content-Length: 58
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Cookie: [REDACTED]
Origin: [REDACTED]
Priority: u=3, i
Referer: [REDACTED]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/18.1.1 Safari/605.1.15
X-Requested-With: XMLHttpRequest
MIME Type: application/x-www-form-urlencoded; charset=UTF-8
action: dokan_pageview
_ajax_nonce: [REDACTED]
post_id: [REDACTED]
Response
:status: 403
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: [REDACTED]
Alt-Svc: h3=":443"; ma=86400
Cache-Control: no-cache, must-revalidate, max-age=0
cf-cache-status: DYNAMIC
cf-ray: [REDACTED]
Content-Encoding: br
Content-Type: text/html; charset=UTF-8
Date: [REDACTED]
Expires: Wed, 11 Jan 1984 05:00:00 GMT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin, origin-when-cross-origin
Report-To: {"endpoints":[{"url":"[REDACTED]"}],"group":"cf-nel","max_age":604800}
Server: cloudflare
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
x-envoy-hostname: nginxreplace-contour-envoy-m9229
x-envoy-upstream-service-time: 1430
X-Frame-Options: SAMEORIGIN
x-robots-tag: noindex
Steps to Reproduce
1. Enable a cache plugin (e.g., LiteSpeed Cache, WP Rocket, etc.).
2. Visit a product page while the dokan_pageview nonce is valid.
3. Allow the nonce to expire (typically 24 hours).
4. Revisit the same cached product page.
5. Check the browser console for a 403 Forbidden error.
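
Added example, not part of the issue report and not Dokan or WordPress code: a Python model of WordPress core's default nonce scheme (one-day `nonce_life`, split into two 12-hour ticks, with the current and previous tick accepted) showing when a nonce frozen into a cached page stops verifying. The function names, the constructed `SALT`, the logged-out visitor (`uid=0`, empty token) and the 200/403 mapping taken from the report above are assumptions of this sketch.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 86400               # WordPress default nonce_life (DAY_IN_SECONDS)
HALF = NONCE_LIFE / 2            # length of one nonce "tick"
SALT = b"constructed-demo-salt"  # constructed; a real site derives this from its nonce key and salt


def nonce_tick(now):
    """Half-lifetime counter, modelled on wp_nonce_tick()."""
    return math.ceil(now / HALF)


def _hash(tick, action, uid, token):
    data = f"{tick}|{action}|{uid}|{token}".encode()
    return hmac.new(SALT, data, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, now, uid=0, token=""):
    """Model of wp_create_nonce(); uid=0 and an empty token represent a logged-out visitor."""
    return _hash(nonce_tick(now), action, uid, token)


def verify_nonce(nonce, action, now, uid=0, token=""):
    """Model of wp_verify_nonce(): 1 = current tick, 2 = previous tick, False = rejected."""
    tick = nonce_tick(now)
    for age, candidate in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_hash(candidate, action, uid, token), nonce):
            return age
    return False


def seconds_until_rejected(created_at):
    """How long a nonce minted at created_at is accepted: between HALF and NONCE_LIFE."""
    return (nonce_tick(created_at) + 1) * HALF - created_at


def cached_page_status(cached_at, served_at, action="dokan_pageview"):
    """Status of the AJAX call made from a page cached at cached_at and served at served_at."""
    nonce = create_nonce(action, cached_at)   # nonce frozen into the cached HTML
    return 200 if verify_nonce(nonce, action, served_at) else 403


if __name__ == "__main__":
    for label, cached_at in (("just after a tick", 10 * HALF + 1), ("just before a tick", 11 * HALF - 1)):
        print(label, "-> accepted for", seconds_until_rejected(cached_at) / 3600, "hours")
```

In this model a page cached just before a tick boundary carries a nonce that is rejected after little more than 12 hours, so a page-cache lifetime below half of `nonce_life` keeps every embedded nonce verifiable.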