Contact form: remove front-end nonces
| Reported by: | iandunn | Owned by: | tmoorewp |
| Plugin: | jetpack | Keywords: | grunion contact-form plugin-compat has-patch |
Nonces on the front-end don't serve any security purpose, and can cause errors when they're cached and then expire.
I'm getting reports of sporadic "Are you sure..." wp_die()-style error messages when users fill out contact forms on WordCamp.org and suspect they're being caused by expired front-end nonces in the contact form.
The process looks similar to this:
- Page with form is created
- Page is viewed for the first time
- Nonce is generated
- Page is cached
- Time passes and the nonce expires
- Cached version of page is viewed again
- Form is submitted with expired nonce
- User gets "Are you sure..." error and form is not submitted
Removing the nonce fixes the problem without causing any security issues, since the nonce wasn't giving any real protection in the first place.
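
The cached-page sequence described in the ticket, reproduced with a simplified Python model of WordPress's tick-based nonce check. This is an added example, not code from the ticket, Jetpack or WordPress; the salt, the `contact-form` action name and the timestamps are constructed.

```python
import hashlib
import hmac
import math

NONCE_LIFE = 86400                  # WordPress default nonce lifetime (one day), seconds
SALT = b"constructed-example-salt"  # constructed; stands in for the site's nonce salt


def nonce_tick(now):
    """Half-lifetime counter: increments every NONCE_LIFE / 2 seconds."""
    return math.ceil(now / (NONCE_LIFE / 2))


def _digest(tick, action, uid, token):
    data = f"{tick}|{action}|{uid}|{token}".encode()
    # Keep 10 hex characters near the end of the HMAC, as the model's nonce value.
    return hmac.new(SALT, data, hashlib.md5).hexdigest()[-12:-2]


def create_nonce(action, now, uid=0, token=""):
    """uid=0 and token='' model a logged-out visitor (no user, no session)."""
    return _digest(nonce_tick(now), action, uid, token)


def verify_nonce(nonce, action, now, uid=0, token=""):
    """Return 1 for a current-tick nonce, 2 for the previous tick, else False."""
    tick = nonce_tick(now)
    for age, t in ((1, tick), (2, tick - 1)):
        if hmac.compare_digest(_digest(t, action, uid, token), nonce):
            return age
    return False


def replay_cached_page(cached_at, submit_times, action="contact-form"):
    """The nonce is frozen into the cached HTML; every later submit reuses it."""
    cached_nonce = create_nonce(action, cached_at)
    return [(t - cached_at, verify_nonce(cached_nonce, action, t))
            for t in submit_times]


if __name__ == "__main__":
    cached_at = 43200 * 1000 + 1    # constructed timestamp, just after a tick boundary
    submits = [cached_at + 3600, cached_at + 50000, cached_at + 90000]
    for age, result in replay_cached_page(cached_at, submits):
        status = "accepted" if result else 'rejected ("Are you sure...")'
        print(f"submit {age:>6}s after caching: {status}")
```

Under the default lifetime a nonce frozen into cached HTML keeps verifying for between 12 and 24 hours, depending on where in the tick it was generated. For logged-out visitors the user ID and session token inputs are constant, so every anonymous visitor in the same tick receives the same value.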
Change History (8)
- Cc jeremy+wp@… added
- Keywords grunion contact-form plugin-compat added
- Summary changed from "Remove front-end nonces from contact form module" to "Contact form: remove front-end nonces"