Preventing Unwanted WooCommerce Sessions from Automatic OPTIONS Requests #908
Comments
pooriaset
changed the title
|
@pooriaset What are you using to send you're GraphQL request? Apollo, React Query, fetch? |
|
I’m using Apollo, but Apollo does not have this behavior. The browser sent OPTIONS requests. |
|
@pooriaset That is known as the pre-flight check, and it looks like you have your session tokens configured incorrectly. Have you read the docs here |
|
@kidunot89 I am facing the same issue, It does not matter if I query for products or something else, A new session is created and sent with every single response. May be I am missing something there but I think the way it should work is by only getting the session token if we do cart or order related queries / mutations. |
|
@pooriaset Have you found any solution to this issue yet? |
|
This issue occurs when you send requests from a domain like example.com to api.example.com. The browser automatically sends OPTIONS requests to check for CORS (Cross-Origin Resource Sharing). I have temporarily resolved this issue in this way. Please check the link below for more details: |
|
Thanks for your help man, I checked your pull request but I am little confused how do I Implement this safely. (NOT A PHP GUY 😅). |
I am using Next.js and need to fetch a product by slug to create a dynamic route. It is impossible to pass a session token in generateStaticParams. Even if I choose not to prerender pages at build time and instead rely on runtime prerendering (SSG), I have no option but to access the session token from cookies. However, if I do that, Next.js will no longer prerender on request and will instead trigger a refetch for every request (SSR). If I understand your implementation correctly, it seems more like a client-side approach, which does not align with Next.js's prerendering system. I would love to deep dive into this to explore potential solutions. |
Describe the bug
Hello,
I encountered an issue while developing my latest project. The frontend is hosted at
example.com, while the backend is atapi.example.com. Due to the different domains, the browser automatically sends an OPTIONS request for CORS.Since this is done automatically by the browser, we are unable to set the woocommerce-session header. As a result, a new session is created in the wp_woocommerce_sessions table for each OPTIONS request.
To prevent this issue, I believe it would be better to check if the request method is not
OPTIONSbefore creating a session.The image below illustrates the unnecessary tokens that are being created.
To Reproduce
Simply call services from a localhost to any backend multiple times. Even though we set the woocommerce-session header, there is nothing we can do for the
OPTIONSrequests.If you agree, I can implement the necessary changes myself and submit a pull request.
Thank you!
The text was updated successfully, but these errors were encountered: