snicco/wp-nonce-middleware
==========================

v1.10.1 (1y ago), LGPL-3.0-only, PHP ^7.4|^8.0


WordPress nonce middleware for [`snicco/http-routing`](https://github.com/snicco/http-routing)
==============================================================================================

This middleware for the [`snicco/http-routing`](https://github.com/snicco/http-routing) component will eliminate your **WordPress** nonce problems once and for all.

Stop validating nonces manually in each controller.

Stop forgetting to validate nonces.

Stop coupling your controller code to your views through nonce actions.

There is a better way.

Installation
------------

```
composer require snicco/wp-nonce-middleware
```

Usage
-----

Add the [`VerifyWPNonce`](src/VerifyWPNonce.php) middleware to your global middleware.

This middleware does the following for every request:

- Unsafe requests (`POST`, `PATCH`, `DELETE`, etc.) are checked for a valid **WordPress** nonce in the request body using [`wp_verify_nonce`](https://developer.wordpress.org/reference/functions/wp_verify_nonce/). If no valid nonce is found, a `401 HTTPException` is thrown.
- For read requests, an instance of [`WPNonce`](src/WPNonce.php) is added to the view data if the returned response is a `ViewResponse`.
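
The two rules above, sketched as an added example that runs without WordPress; it is not code from this package and does not use its classes. Assumptions: the nonce action is the request path, the body field is named `_nonce`, and `demo_create_nonce()` / `demo_verify_nonce()` are hypothetical HMAC stand-ins for `wp_create_nonce()` / `wp_verify_nonce()`.

```php
<?php
declare(strict_types=1);

// Added illustration; not code from snicco/wp-nonce-middleware.
// demo_*_nonce() stand in for wp_create_nonce()/wp_verify_nonce() so this runs
// without WordPress. Real WP nonces also bind to user, session and a time tick.
const DEMO_SECRET = 'constructed-demo-secret';

function demo_create_nonce(string $action): string
{
    return substr(hash_hmac('sha256', $action, DEMO_SECRET), 0, 10);
}

function demo_verify_nonce(string $nonce, string $action): bool
{
    return hash_equals(demo_create_nonce($action), $nonce);
}

// Assumptions: the nonce action is the request path and the body field is
// "_nonce" (both hypothetical). $next is the controller; it receives view data.
function handle(string $method, string $path, array $body, callable $next): array
{
    if (in_array(strtoupper($method), ['GET', 'HEAD', 'OPTIONS'], true)) {
        // Read request: hand the view a nonce so templates never name an action.
        return $next(['nonce' => demo_create_nonce($path)]);
    }
    $nonce = $body['_nonce'] ?? '';
    if (!is_string($nonce) || !demo_verify_nonce($nonce, $path)) {
        // The README's middleware throws a 401 HTTPException here.
        return ['status' => 401, 'view_data' => []];
    }
    return $next([]);
}

$controller = fn (array $viewData): array => ['status' => 200, 'view_data' => $viewData];

// Constructed requests.
$page    = handle('GET', '/settings', [], $controller);
$token   = $page['view_data']['nonce'];
$results = [
    'valid nonce, same path'  => handle('POST', '/settings', ['_nonce' => $token], $controller),
    'missing nonce'           => handle('POST', '/settings', [], $controller),
    'nonce from another path' => handle('DELETE', '/users/7', ['_nonce' => $token], $controller),
];
foreach ($results as $case => $response) {
    printf("%-24s => %d\n", $case, $response['status']);
}
```

Because the check runs before any controller, a route added later is covered without its author having to remember to validate the nonce.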

In your views you can use the [`WPNonce`](src/WPNonce.php) instance like so:

**Posting to the same location where the form is located:**

```

    Submit

```

**Posting to a route url or hard-coded url that is different from the current location:**

```
