In my customized plugin code I’ve outlined some customized routes.
<?php
register_rest_toute(
'myplugin/v1',
'/registration',
array(
'strategies' => 'POST',
'callback' => array($this, 'create_user')
)
);
?>
The route is public as a result of I am utilizing it to get the information from a customized type I’ve in a vue app on the front-end. I’ve one other route that sill solely be used to add some paperwork wanted for the registration. I’ve learn that I must go a nonce to the routes to forestall CSFR, what’s the right strategy to achive this?
Once I localize the script to have within the vue app the wanted data, I am making a nonce on this method
<?php
wp_localize_script(
'vueapp-js',
'wp_params',
array(
'resturl' => rest_url('/myplugin/v1'),
'nonce' => wp_create_nonce('registration')
)
);
?>
How I validate it in my callback features for the routes I’ve and the way go it utilizing axios appropriately?