graphql_get_nonce
graphql_get_nonce(): string;
Generate a WPGraphQL nonce for cookie-based authentication. This nonce is required for authenticated GraphQL HTTP requests that use WordPress cookie authentication. It provides CSRF protection by proving the request originated from a legitimate WordPress-generated page. Example usage in JavaScript: javascript fetch('/graphql', \{ headers: \{ 'Content-Type': 'application/json', 'X-WP-Nonce': wpGraphQLSettings.nonce \}, body: JSON.stringify(\{ query: '\{ viewer \{ name \} \}' \}) \}); Example usage in PHP for localizing to JavaScript: php wp_localize_script( 'my-script', 'wpGraphQLSettings', [ 'nonce' => graphql_get_nonce(), 'endpoint' => graphql_get_endpoint(), ] );
- Since: 2.6.0
- Source File:
plugins/wp-graphql/access-functions.php
Return
string: The WPGraphQL nonce string.
Source
function graphql_get_nonce(): string {