bitnami / vms

Bitnami VMs
https://bitnami.com

WordPress Multisite AWS Lightsail - wp-json urls return 403 invalid nonce #1458

Closed EarthmanWeb closed 6 months ago

EarthmanWeb commented 6 months ago

Describe your issue as much as you can

The frontend permalinks are working, so it's not a rewrite issue, but every time I try to access the WP Editor in the backend, I get dozens of console errors for anything at /wp-json/[*.]

This is an out of the box Bitnami Install using Lightsail's WPMS image. Apache server. I installed the 'Responsive' theme, and Elementor, and some other plugins, but then disabled them all and the errors still happen.

The errors I get from any wp-json url show:

{
    "code": "rest_cookie_invalid_nonce",
    "message": "Cookie check failed",
    "data": {
        "status": 403
    }
}

Any request to: /wp-admin/admin-ajax.php?action=rest-nonce returns blank with no headers - just provisional headers

Request URL:
/wp-admin/admin-ajax.php?action=rest-nonce
Referrer Policy:
strict-origin-when-cross-origin

I have addressed all of the following:

  1. Verify SSL Configuration: SSL configuration seems correct, certificates (server.crt and server.key) are up to date and not causing issues with client connections.

  2. Consistent Use of HTTPS: Site is configured to use HTTPS, all requests, including REST API calls, are made over HTTPS.

  3. Check WordPress Site URLs: WordPress site URLs (both Site Address (URL) and WordPress Address (URL)) are set to use https explicitly.

  4. Temporary Plugin and Theme Check: As a diagnostic step, I've disabled all plugins and switched to a default theme (like Twenty Twenty-Four). Errors persist.

  5. Server and WordPress Debug Logs: Checked server logs (/opt/bitnami/apache/logs/error_log) - nothing is showing.

  6. Checked file permissions - ran the code:

    sudo find /bitnami/wordpress/ -type d -exec chmod 775 {} \;
    sudo find /bitnami/wordpress/ -type f -exec chmod 664 {} \;
    sudo chmod 640 /bitnami/wordpress/wp-config.php

  7. Reviewed conf files - included below - tried some fixes found online with no success like SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

/opt/bitnami/apache/conf/vhosts/htaccess/wordpress-htaccess.conf

SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1

<Directory "/opt/bitnami/wordpress">

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule ^(.*) - [E=HTTP_AUTHORIZATION:%1]

    RewriteEngine On
    RewriteRule ^index\.php$ - [S=1]
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule . index.php [L]

</Directory>

<Directory "/opt/bitnami/wordpress/wp-content/plugins/akismet">
  # Only allow direct access to specific Web-available files.

  # Apache 2.2
  <IfModule !mod_authz_core.c>
        Order Deny,Allow
        Deny from all
  </IfModule>

  # Apache 2.4
  <IfModule mod_authz_core.c>
        Require all denied
  </IfModule>

  # Akismet CSS and JS
  <FilesMatch "^(form\.js|akismet(-frontend|-admin)?\.js|akismet(-admin)?(-rtl)?\.css|inter\.css)$">
        <IfModule !mod_authz_core.c>
                Allow from all
        </IfModule>

        <IfModule mod_authz_core.c>
                Require all granted
        </IfModule>
  </FilesMatch>

  # Akismet images
  <FilesMatch "^(logo-(a|full)-2x\.png|akismet-refresh-logo\.svg|akismet-refresh-logo@2x\.png|arrow-left\.svg|icon-external\.svg)$">
        <IfModule !mod_authz_core.c>
                Allow from all
        </IfModule>

        <IfModule mod_authz_core.c>
                Require all granted
        </IfModule>
  </FilesMatch>
</Directory>

/opt/bitnami/apache2/conf/bitnami/bitnami.conf

# Default Virtual Host configuration.

# Let Apache know we're behind a SSL reverse proxy
SetEnvIf X-Forwarded-Proto https HTTPS=on

<VirtualHost _default_:80>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  RewriteEngine On
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
  <Directory "/opt/bitnami/wordpress">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
  # Error Documents
  ErrorDocument 503 /503.html
</VirtualHost>
Include "/opt/bitnami/apache/conf/bitnami/bitnami-ssl.conf"

/opt/bitnami/apache2/conf/bitnami/bitnami-ssl.conf

# Default SSL Virtual Host configuration.

<IfModule !ssl_module>
  LoadModule ssl_module modules/mod_ssl.so
</IfModule>

Listen 443
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !EDH !RC4"
SSLPassPhraseDialog  builtin
SSLSessionCache "shmcb:/opt/bitnami/apache/logs/ssl_scache(512000)"
SSLSessionCacheTimeout  300

<VirtualHost _default_:443>
  DocumentRoot "/opt/bitnami/apache/htdocs"
  RewriteEngine On
SetEnvIf Authorization "(.*)" HTTP_AUTHORIZATION=$1
  RewriteCond %{HTTPS} !=on
  RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
  RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
  SSLEngine on
  SSLCertificateFile "/opt/bitnami/apache/conf/bitnami/certs/server.crt"
  SSLCertificateKeyFile "/opt/bitnami/apache/conf/bitnami/certs/server.key"

  <Directory "/opt/bitnami/apache/htdocs">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
  <Directory "/opt/bitnami/wordpress">
    Options Indexes FollowSymLinks
    AllowOverride All
    Require all granted
  </Directory>
  # Error Documents
  ErrorDocument 503 /503.html
</VirtualHost>

wp-config.php entries:

define( 'WP_ALLOW_MULTISITE', true );
define( 'MULTISITE', true );
define( 'SUBDOMAIN_INSTALL', true );
$base = '/';
define( 'DOMAIN_CURRENT_SITE', 'CORRECTDOMAIN.COM' );
define( 'PATH_CURRENT_SITE', '/' );
define( 'SITE_ID_CURRENT_SITE', 1 );
define( 'BLOG_ID_CURRENT_SITE', 1 );

define( 'WP_HOME', 'https://CORRECTDOMAIN.COM' );
define( 'WP_SITEURL', 'https://CORRECTDOMAIN.COM' );
define( 'COOKIE_DOMAIN', 'https://CORRECTDOMAIN.COM' );

Can someone please help?! This is an absolute nightmare.

I have used a WPMS installation in Lightsail before and it never did this...

Is there a way to 'reset' it, or can someone please see something I am not? Any suggestions would be most appreciated please!

EDIT:

Also reinstalled permissions and core with no changes:

sudo chown -R bitnami:daemon /opt/bitnami/wordpress
sudo find /opt/bitnami/wordpress -type d -exec chmod 775 {} \;
sudo find /opt/bitnami/wordpress -type f -exec chmod 664 {} \;
cd /opt/bitnami/wordpress
sudo wp core download --skip-content --force

EarthmanWeb commented 6 months ago

Oh how ridiculous!

All I needed to do was log out, clear my cookies, fix this line in my wp-config

define( 'COOKIE_DOMAIN', 'https://CORRECTDOMAIN.COM' );

to

define( 'COOKIE_DOMAIN', 'CORRECTDOMAIN.COM' );

and the problem is solved. Talk about looking in the wrong direction!!!

Closing this now.
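
An added example, not part of the original issue or of Bitnami's code: a Python check that reads the string-valued define() lines of a wp-config.php and flags a COOKIE_DOMAIN that is a URL rather than a bare host, using the RFC 6265 domain-match rule a browser applies to a cookie's Domain attribute. The function names and the two sample configs are constructed here from the lines quoted in the issue.

```python
import re
from urllib.parse import urlsplit

# Matches define( 'NAME', 'value' ); with single or double quotes.
DEFINE_RE = re.compile(
    r"""define\(\s*['"](?P<name>\w+)['"]\s*,\s*['"](?P<value>[^'"]*)['"]\s*\)""")

def parse_defines(text):
    """Return {constant: value} for string-valued define() calls."""
    return {m["name"]: m["value"] for m in DEFINE_RE.finditer(text)}

def domain_match(host, cookie_domain):
    """RFC 6265 domain-match for host names (IP literals not handled)."""
    host, cookie_domain = host.lower(), cookie_domain.lower()
    if cookie_domain.startswith("."):
        cookie_domain = cookie_domain[1:]  # one leading dot is ignored
    return host == cookie_domain or host.endswith("." + cookie_domain)

def check_cookie_domain(wp_config_text):
    """Return a list of problems with COOKIE_DOMAIN relative to WP_HOME."""
    consts = parse_defines(wp_config_text)
    value = consts.get("COOKIE_DOMAIN")
    if not value:
        return []  # undefined or empty: nothing to check here
    problems = []
    if "://" in value:
        problems.append("contains a URL scheme")
    if re.search(r"[/:\s]", value.split("://", 1)[-1]):
        problems.append("contains a port, path or whitespace")
    home_host = urlsplit(consts.get("WP_HOME", "")).hostname
    if home_host and not domain_match(home_host, value):
        problems.append(f"does not domain-match WP_HOME host {home_host}")
    return problems

# Constructed samples using the placeholder domain from the issue.
BROKEN = """
define( 'WP_HOME', 'https://CORRECTDOMAIN.COM' );
define( 'COOKIE_DOMAIN', 'https://CORRECTDOMAIN.COM' );
"""
FIXED = BROKEN.replace("'COOKIE_DOMAIN', 'https://", "'COOKIE_DOMAIN', '")

if __name__ == "__main__":
    for label, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, check_cookie_domain(cfg) or "OK")
```

A Domain attribute that fails this match is ignored by the browser along with the cookie, which is why logging out and clearing cookies was part of the fix.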