Ajax in WordPress not working for logged in users without wp_ajax_nopriv action

I had a rather interesting problem the other day. My ajax request was not working if I didn’t use the wp_ajax_nopriv_ action on a page where the user was clearly logged in. Why? Why was this happening?

Here was the situation:

Even with everything seemingly set up correctly, it was returning 0. WHY? Turns out that Ajax strips cookies and http authentication data on cross domain requests. And going from http://example.com to https://example.com is cross domain. If I can’t send the WordPress user’s cookies, I can’t use the wp_ajax_$action. See here from wp-admin/admin-ajax.php:77

if ( is_user_logged_in() ) {
* Fires authenticated AJAX actions for logged-in users.
* The dynamic portion of the hook name, `$_REQUEST['action']`,
* refers to the name of the AJAX action callback being fired.
* @since 2.1.0
do_action( 'wp_ajax_' . $_REQUEST['action'] );
} else {
* Fires non-authenticated AJAX actions for logged-out users.
* The dynamic portion of the hook name, `$_REQUEST['action']`,
* refers to the name of the AJAX action callback being fired.
* @since 2.8.0
do_action( 'wp_ajax_nopriv_' . $_REQUEST['action'] );

So what’s the way around it? I decided to force my requesting page to https as it probably should have been already. You could also send the xhr withCredentials thing in your jQuery but don’t you need to add headers to the response? HEADERS, will someone please think of the headers? God people, really.


A quick explanation of it all: https://quickleft.com/blog/cookies-with-my-cors/

There is some sort of jsonp workaround that people refer to but I don’t know, I think the answer is probably to re-do admin-ajax.php as a plugin or something with all the proper things and then use that. Maybe not, it looks like everything is going to https anyway so might not matter soon at any rate.

What do you think?

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s