Infinite loop on API req in Block editor after wordpress_logged_in cookie is removed #67431

Closed
3 of 6 tasks
iruzevic opened this issue Nov 29, 2024 · 3 comments
Labels

  • REST API Interaction: Related to REST API
  • [Status] Duplicate: Used to indicate that a current issue matches an existing one and can be closed
  • [Type] Bug: An existing feature does not function as intended

Comments

@iruzevic

Description

When you log into the editor and manually remove the wordpress_logged_in cookie, any attempt to save or perform actions in the editor will trigger an infinite loop of API requests, resulting in a 403 Forbidden response with rest_cookie_invalid_nonce.

Even after refreshing the page, these requests will persist, and the only way to stop them is to manually log out.

This infinite loop of requests can spike your CPU to 100%, rendering your site unresponsive.

All details can be found in this video:
https://drive.google.com/file/d/1SpwEp_kg0okedNBe9yfHpAqMb-wQKdPi/view?usp=sharing

Step-by-step reproduction instructions

  1. Login
  2. Open the block editor
  3. Remove the wordpress_logged_in cookie
  4. Save the draft
  5. See the infinite requests in the inspector

Screenshots, screen recording, code snippet

Screen.Recording.2024-11-29.at.14.44.28.mp4

Environment info

Tested:

  • PHP - 8.3 and 7.4
  • Nginx
  • Laravel Herd 1.12.0 (locally) also on Ubuntu server 20.04.2 and 20.04.6
  • WP core - 6.1 - 6.7.1 (I didn't go further)
  • Plugin - none installed
  • Theme - twentytwentyfive, twentytwentyfour

Please confirm that you have searched existing issues in the repo.

  • Yes

Please confirm that you have tested with all plugins deactivated except Gutenberg.

  • Yes

Please confirm which theme type you used for testing.

  • Block
  • Classic
  • Hybrid (e.g. classic with theme.json)
  • Not sure
@iruzevic added the [Type] Bug label Nov 29, 2024
@Mayank-Tripathi32
Contributor

Hello @iruzevic,

Thank you for reporting the issue.
I was able to replicate the problem. Saving settings and other actions worked on the settings page, but I couldn’t save Gutenberg drafts. I’m not entirely sure how this should be addressed—perhaps the system should log the user out if the cookie is removed or missing?

Test Bench:

  • WordPress: 6.7.1
  • macOS: 14.5

@iruzevic
Author

Well, my colleague @dingo-d thinks it could be something with this method:
Image

And that this could be the solution, but this wasn't tested:
Image

In the end, if you get the rest_cookie_invalid_nonce once, your editor should display the standard "login screen" and stop any additional requests.
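
The behaviour requested in the comment above (refresh the nonce once, and if the retry is still rejected with rest_cookie_invalid_nonce, prompt for login and send nothing further), as an added example that is not part of the thread and is not Gutenberg or WordPress core code. `transport`, `refreshNonce` and `onSessionLost` are hypothetical injected callbacks, and the request path and responses are constructed.

```javascript
// Added example; not Gutenberg or WordPress core code.
// transport, refreshNonce and onSessionLost are hypothetical injected callbacks.
const isInvalidNonce = (res) =>
  res.status === 403 && res.body && res.body.code === 'rest_cookie_invalid_nonce';

function createGuardedFetch({ transport, refreshNonce, onSessionLost, nonce }) {
  let sessionLost = false;
  const send = (req) =>
    transport({ ...req, headers: { ...req.headers, 'X-WP-Nonce': nonce } });

  return async function guardedFetch(req) {
    // Once the session is known to be gone, fail locally: no network traffic.
    if (sessionLost) throw new Error('session_lost');
    let res = await send(req);
    if (!isInvalidNonce(res)) return res;

    // Exactly one nonce refresh and one retry per request.
    nonce = await refreshNonce();
    res = await send(req);
    if (!isInvalidNonce(res)) return res;

    // A fresh nonce was rejected too: the auth cookie is missing or invalid.
    sessionLost = true;
    onSessionLost(); // e.g. show the login screen
    throw new Error('session_lost');
  };
}

// Constructed scenario: the cookie was deleted, so the server rejects every
// nonce, including freshly issued ones.
async function simulate() {
  const stats = { requests: 0, refreshes: 0, prompts: 0, failures: 0 };
  const guardedFetch = createGuardedFetch({
    nonce: 'stale-nonce',
    transport: async () => {
      stats.requests++;
      return { status: 403, body: { code: 'rest_cookie_invalid_nonce' } };
    },
    refreshNonce: async () => { stats.refreshes++; return 'new-nonce'; },
    onSessionLost: () => { stats.prompts++; },
  });
  // Three save attempts (constructed path), e.g. repeated autosaves.
  for (let i = 0; i < 3; i++) {
    try { await guardedFetch({ path: '/wp/v2/posts/1', method: 'POST' }); }
    catch (e) { stats.failures++; }
  }
  return stats;
}

simulate().then((s) => console.log(s));
```

With three save attempts the server sees two requests in total, instead of an unbounded stream of 403 responses.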

@Mamaduka
Member

This is a duplicate of #13509.

@Mamaduka added the REST API Interaction and [Status] Duplicate labels Nov 29, 2024
@Mamaduka closed this as not planned Nov 30, 2024

3 participants