{"id":352,"date":"2012-06-05T13:26:49","date_gmt":"2012-06-05T05:26:49","guid":{"rendered":"http:\/\/lesterchan.net\/wordpress\/?p=352"},"modified":"2012-06-15T10:32:58","modified_gmt":"2012-06-15T02:32:58","slug":"ajax-not-working-for-wp-email-wp-polls-wp-postratings-or-wp-postviews","status":"publish","type":"post","link":"https:\/\/lesterchan.net\/wordpress\/2012\/06\/05\/ajax-not-working-for-wp-email-wp-polls-wp-postratings-or-wp-postviews\/","title":{"rendered":"AJAX Not Working For WP-Email, WP-Polls, WP-PostRatings or WP-PostViews?"},"content":{"rendered":"<p>About 2 weeks ago, I release an update to <a href=\"https:\/\/lesterchan.net\/wordpress\/2012\/05\/22\/wp-polls-wp-postratings-wp-postviews-wp-email-updated\/\">r WP-Email, WP-Polls, WP-PostRatings and WP-PostViews<\/a> which added some nonce check and moved the AJAX request to be handled by \/wp-admin\/admin-ajax.php.<\/p>\n<p>3 common issues that users are facing.<\/p>\n<p><strong>&#8220;-1&#8221; or &#8220;Failed To Verify Referrer&#8221;<\/strong><br \/>\nThis means that most likely you are using a caching plugin like W3 Total Cache (W3TC) and the Javascript being minified\/combined and cached is outdated. Just empty the JS\/CSS cache under the &#8220;Minify&#8221; section of W3TC in WP-Admin and W3TC will regenerate it again. This will solve the problem.<\/p>\n<p><strong>Password Protected \/wp-admin\/ Will Not Work<\/strong><br \/>\nIf you are using .htpasswd to protect your \/wp-admin\/ folder, AJAX request to \/wp-admin\/admin-ajax.php will not work. This problem is not unique to my plugin. Any WordPress Plugins that uses the <a href=\"http:\/\/codex.wordpress.org\/AJAX_in_Plugins\">WordPress AJAX API<\/a> will break. As mentioned in this Codex, <a href=\"http:\/\/codex.wordpress.org\/Hardening_WordPress\">Hardening WordPress<\/a>:<\/p>\n<blockquote><p>Simply securing the wp-admin\/ directory might also break some WordPress functionality, such as the AJAX handler at wp-admin\/admin-ajax.php<\/p><\/blockquote>\n<p>To bypass this, check out this tutorial, <a href=\"http:\/\/kuttler.eu\/post\/htaccess-protect-wordpress-admin\/\">Password protecting the wp-admin directory<\/a>, this tutorial will teach you how to whitelist admin-ajax.php in your \/wp-admin\/ using .htaccess. <\/p>\n<p>I still hope in the future version of WordPress, they will separate front facing AJAX requests vs backend AJAX requests.<\/p>\n<p><strong>Your WP-Admin Is HTTPS While Your Site Is Not<\/strong><br \/>\nIf your WP-Admin is behind SSL aka HTTPS and you have the following config in your wp-config.php <code>define('FORCE_SSL_ADMIN', true);<\/code>, the AJAX will fail because https:\/\/yoursite.com is different from http:\/\/yoursite.com and the browser treat it as different domain.<\/p>\n<p>To solve this issue do the following:<br \/>\nFind:<br \/>\n<code>'ajax_url' => admin_url('admin-ajax.php'),<\/code><br \/>\nReplace:<br \/>\n<code>'ajax_url' => admin_url('admin-ajax.php', (is_ssl() ? 'https' : 'http')),<\/code><\/p>\n<p><del datetime=\"2012-06-14T10:42:31+00:00\">What the code does is basically forcing http to be used when calling admin-ajax.php for AJAX request. Again this is a hack, I am trying to figure a way around it.<\/del><\/p>\n<p>I have pushed the code to trunk of all the respective plugins.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>About 2 weeks ago, I release an update to r WP-Email, WP-Polls, WP-PostRatings and WP-PostViews which added some nonce check and moved the AJAX request to be handled by \/wp-admin\/admin-ajax.php. 3 common issues that users are facing. &#8220;-1&#8221; or &#8220;Failed To Verify Referrer&#8221; This means that most likely you are using a caching plugin like &hellip; <a href=\"https:\/\/lesterchan.net\/wordpress\/2012\/06\/05\/ajax-not-working-for-wp-email-wp-polls-wp-postratings-or-wp-postviews\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;AJAX Not Working For WP-Email, WP-Polls, WP-PostRatings or WP-PostViews?&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6,8,9,10],"tags":[138],"class_list":["post-352","post","type-post","status-publish","format-standard","hentry","category-wp-email","category-wp-polls","category-wp-postratings","category-wp-postviews","tag-ajax"],"views":49493,"_links":{"self":[{"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/posts\/352","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/comments?post=352"}],"version-history":[{"count":0,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/posts\/352\/revisions"}],"wp:attachment":[{"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/media?parent=352"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/categories?post=352"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lesterchan.net\/wordpress\/wp-json\/wp\/v2\/tags?post=352"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}