Problem with ConvertPRO's nonce when using WP Rocket and APO

Hello, I have a problem with nonce when using WP Rocket and APO.
My Optin plugin named Convert PRO is stop working because the conflict about WP Rocket and Cloudflare APO

The WP Rocket’s support said the WP Rocket doesn’t support APO.

And it recommended disable one of them.

The strange thing is the Cloudflare APO said in article that WP Rock is compatible.

So, anyone can help me with that ? There are anything that I can do for fix it?

Many threads on APO/WP Rocket
https://community.cloudflare.com/search?q=apo%20rocket

As for the issue, you may have to ask ConvertPRO what mechanism they use. If it’s a cookie, then APO probably doesn’t recognize it, and is returning cached responses instead.

@sdayman thanks for you reply,

The Convert PRO support said:

Convert Pro has provided security in which it generates random numbers in which are checked on the server-side during the form submission to make sure that no one is spamming the form, this random number is called the nonce.

After clearing the cache it regenerates the new one.

This random number is only valid for 12 hours or so. After 12 hours it generates a new random number. Due to server cache, the old number is always served even after 12 hours depending upon the duration of the cache which in turn identifies the old number as a threat and does not allow the form to submit.

Now, while submitting the Convert Pro form and AJAX request is sent, in which the nonce is sent, However, with heavy use of caching systems the older nonce value is been used and which is not matched in the back-end and it becomes harder to generate new them and output fresh nonces instead of cached ones.

So, it needs to be clear the website cache to get the fresh nonce.

I already try reduce lifespan but it didn’t solve.

The Convert PRO can’t help me because it is a issue about cache. And WP Rocket can’t help me because it is a incompatibility with APO.

Could you help me?

You’re bound to face a lifespan issue because they’re on a 12 hour schedule, and your cache might be a 12 hour cache, but not the same 12 hour window. You could lower it to 2 hours, but you’d potentially have a 2 hour period where the nonce doesn’t match.

The only solution I can think of that works with APO would be to custom code a script on your server that purges the Cloudflare cache when the nonce changes.

1 Like

@sdayman thanks,

So I need choose one of theses plugins to disable, because I’m not able to do this script.

Do you have any suggestion about plugin similar WP Rocket that is 100% compatible with APO?

The problem with your configuration really is APO. APO doesn’t know the nonce has changed, so it’s not purging the cache. @yevgen might have some suggestions.

Out of curiosity, is the nonce on all pages?

1 Like

Out of curiosity, is the nonce on all pages?

Yes, on most pages I am using Convert PRO.

1 Like

@sdayman, for while I’m trying without WP Rocket.

But I have a doubt, this problem is about conflict WP Rocket and APO or about APO? If I disable WP Rocket will solve?

I’m asking because the problem is not fast to debug. It sometines occurs, I don’t have control.

If anyone has any suggestion about plugin similar to WP Rocket that is 100% compatible with APO, please tell me.

I don’t think you need to disable WP Rocket. What you need is to set 8h caching period for all the pages which use The Convert PRO.

You can do this with WP Rocket: Nonces and Cache Lifespan - WP Rocket Knowledge Base.

You can do this with APO (Edge Cache TTL rule): Understanding Automatic Platform Optimization (APO) with WordPress – Cloudflare Help Center.

2 Likes

@yevgen Thanks for your reply. I saw now your message, it not notified me.

In these time, I tried without WP Rocket and the issue continue.

So now I know the problem is in my setting in cloudflare. I noticed that my TTL Bowser Cache is 4 hours.

So I need just set up to 8 hours for this issue dissapears?

I’m asking because the wp rocket said for me try 1 hours lifespan in WP Rocket settings and it didn’t solved my problem, so I’m need you help to setup proper in cloudflare.

Could explain better for me this issue in clouflare setting?

I have some doubts:

1 - I need increase or descrese this lifespan time?

2 - Could you explain also the difference about TLL Browser and TLL Edge?

3 - It are correlated or not?

4 - I need set 8 hours in Edge and keep 4 hours in Browser?

5 - In this case I will need set in all pages, it will be a problem?

@yevgen I’m still waiting your help :slight_smile:

@davidataualpa I recommend you try the following:

see whether the issue is resolved or not.

I can’t disable Browser TTL rule, in this article said

Browser Cache TTL Control how long resources cached by client browsers remain valid. The Cloudflare UI and API both prohibit setting Browser Cache TTL to 0 for non-Enterprise domains. Learn more.

But I have a option to set “Respect Existing Headers”.

What you recommend use 1 hours or “Respect Existing Headers”?

About Edge TTL I already did it. What is better for my case use 8h or 4h ? Could you explain, please?

“Respect Existing Headers” should be fine.

About Edge TTL I already did it. What is better for my case use 8h or 4h ? Could you explain, please?

Convert Pro generates a valid token for 12 hours. I think it’s safe to use 8h for the Edge Caching. The only requirement here is to keep in cached on Cloudflare Edge servers less then Convert Pro token is valid. You don’t want to cache HTML on the client you need to make sure (Browser TTL + Edge TTL) < Convert Pro Token TTL.

1 Like

Great, now I understood. Thanks a lot. I’m testing it…

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.