graphql_cookie_auth_require_nonce

apply_filters( 'graphql_cookie_auth_require_nonce', true, null );

Filter whether to require a nonce for cookie-based authentication. By default, WPGraphQL requires a nonce (X-WP-Nonce header or _wpnonce parameter) for cookie-authenticated requests to prevent CSRF attacks.

  • Type: filter
  • Group: Authentication and Authorization
  • Since: 2.5.4
  • Source File: plugins/wp-graphql/src/Router.php

Parameters

  • $require_nonce (bool): Whether to require a nonce for cookie auth. Default true.
  • $request (null): The Request instance (null in Router context).

Source

apply_filters( 'graphql_cookie_auth_require_nonce', true, null );