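/**
 * ST Cache - Nonce Refresh Handler
 *
 * PROBLEM: Nonces embedded in cached HTML can expire.
 * SOLUTION: Fetch fresh nonces with client-side JavaScript and replace them.
 *
 * WordPress Security Best Practice:
 * - Nonces expire after 12-24 hours
 * - The cache may be kept for 1 week
 * - Client-side refresh = SEO friendly + secure
 *
 * PAGESPEED FIX: The script is loaded with 'defer' (non-blocking)
 * - Immediate execution instead of DOMContentLoaded (defer already guarantees the DOM is ready)
 * - Critical path delays are reduced
 *
 * NOTE(review): nonces are CSRF tokens, so this script is only as safe as the
 * server-side `st_cache_refresh_nonces` handler, which is not visible here.
 * Confirm that the handler's response is excluded from the page cache (otherwise
 * the stale-nonce problem just moves to this endpoint) and that it is not made
 * readable cross-origin through permissive CORS headers.
 *
 * @package STCache
 * @since 1.0.0
 */
(function() {
    'use strict';

    // Own-property test that still works if the parsed response defines a
    // key called "hasOwnProperty".
    var hasOwn = Object.prototype.hasOwnProperty;

    // PAGESPEED FIX: when loaded with the defer attribute the DOM is already ready,
    // so a DOMContentLoaded check is unnecessary. Execute immediately.
    refreshNonces();

    /**
     * Look up one nonce in the server response.
     *
     * The action name can come from a form's `action` input, i.e. from page
     * content. A plain `nonces[name]` lookup would resolve names such as
     * "constructor" or "toString" to inherited Object.prototype members and
     * write a function's source text into the field, so only own string
     * properties are accepted.
     *
     * @param {Object} nonces Fresh nonces (action => nonce)
     * @param {string} action Nonce action name
     * @return {string} The nonce, or '' when none is available
     */
    function pickNonce(nonces, action) {
        if (!nonces || typeof nonces !== 'object' || !hasOwn.call(nonces, action)) {
            return '';
        }
        var value = nonces[action];
        return typeof value === 'string' ? value : '';
    }

    /**
     * Report a refresh failure on the console when one is available.
     *
     * @param {*} detail Error object or short description
     */
    function logFailure(detail) {
        if (window.console && console.error) {
            console.error('ST Cache: Nonce refresh failed', detail);
        }
    }

    /**
     * Find every nonce on the page and refresh it.
     */
    function refreshNonces() {
        // The localized config object is required for the endpoint URL. Without
        // it the original code threw a ReferenceError as soon as a nonce was found.
        if (typeof stCacheNonce === 'undefined' || !stCacheNonce || !stCacheNonce.ajaxUrl) {
            return;
        }

        // Find the HTML nonce fields
        var nonceFields = document.querySelectorAll(
            'input[name="_wpnonce"], input[name="_ajax_nonce"], input[name="security"]'
        );

        // Check for JavaScript nonce objects. The v1 theme globals (dtGonza,
        // ss_l18n) are included here: updateJavascriptNonces() handles them, but
        // the original gate only looked at STMOVIE_AJAX, so on a page without
        // that object they were never refreshed.
        var hasJsNonces = Boolean(
            (window.STMOVIE_AJAX && window.STMOVIE_AJAX.nonces) ||
            window.dtGonza ||
            window.ss_l18n
        );

        if (nonceFields.length === 0 && !hasJsNonces) {
            return; // No nonces at all, nothing to do
        }

        // Fetch fresh nonces via AJAX
        var xhr = new XMLHttpRequest();
        xhr.open('POST', stCacheNonce.ajaxUrl, true);
        xhr.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded');

        xhr.onload = function() {
            if (xhr.status !== 200) {
                return;
            }

            try {
                var response = JSON.parse(xhr.responseText);
                var nonces = response && response.success && response.data
                    ? response.data.nonces
                    : null;

                if (!nonces || typeof nonces !== 'object') {
                    return;
                }

                // Update the HTML input nonces
                if (nonceFields.length > 0) {
                    updateNonceFields(nonceFields, nonces);
                }

                // CRITICAL FIX: update the JavaScript nonces
                // STMovie themes: window.STMOVIE_AJAX.nonces
                if (hasJsNonces) {
                    updateJavascriptNonces(nonces);
                }
            } catch (e) {
                logFailure(e);
            }
        };

        // Network-level failures were previously silent; the cached (possibly
        // expired) nonces simply stay in place.
        xhr.onerror = function() {
            logFailure('network error');
        };

        // Action: st_cache_refresh_nonces
        xhr.send('action=st_cache_refresh_nonces');
    }

    /**
     * Update the nonce input fields.
     *
     * @param {NodeList} fields Nonce input fields
     * @param {Object} nonces Fresh nonces (action => nonce)
     */
    function updateNonceFields(fields, nonces) {
        for (var i = 0; i < fields.length; i++) {
            var field = fields[i];
            var form = field.closest('form');

            if (!form) {
                continue; // No enclosing form found
            }

            var fresh = '';

            // CRITICAL FIX: STMovie login/register form nonces
            // Special handling for input[name="security"] fields
            if (field.name === 'security') {
                var securityAction = null;

                if (form.id === 'login' || form.classList.contains('login-form')) {
                    securityAction = 'ajax_login';
                } else if (form.id === 'register' || form.classList.contains('register-form')) {
                    securityAction = 'ajax_register';
                } else if (form.id === 'lostpassword' || form.classList.contains('lostpassword-form')) {
                    securityAction = 'ajax_lostpass';
                }

                if (securityAction) {
                    // Keep the existing value when the server sent no nonce for it
                    fresh = pickNonce(nonces, securityAction);
                    if (fresh) {
                        field.value = fresh;
                    }
                    continue;
                }
            }

            // Determine the form's action (used as the nonce action)
            var actionInput = form.querySelector('input[name="action"]');
            var actionName = actionInput ? actionInput.value : 'default';

            // Replace when a fresh nonce exists.
            // NOTE(review): the 'default' fallback also overwrites nonce fields
            // of forms this script knows nothing about; if such a form verifies
            // a different nonce action its submission will be rejected. Confirm
            // against the server handler which actions 'default' is valid for.
            fresh = pickNonce(nonces, actionName) || pickNonce(nonces, 'default');
            if (fresh) {
                field.value = fresh;
            }
        }

        // Debug log (should be disabled in production)
        if (window.console && console.log && stCacheNonce.debug === '1') {
            console.log('ST Cache: HTML Nonces refreshed', nonces);
        }
    }

    /**
     * Update the JavaScript nonce objects.
     * CRITICAL FIX: STMovie themes - window.STMOVIE_AJAX.nonces refresh
     *
     * @param {Object} nonces Fresh nonces (action => nonce)
     */
    function updateJavascriptNonces(nonces) {
        var fresh;

        // Update the STMovie v2 nonce object
        if (window.STMOVIE_AJAX && window.STMOVIE_AJAX.nonces) {
            // Theme-side key => nonce action name in the server response
            var mapping = {
                'search': 'dt_ajax_search',
                'video': 'video_nonce',
                'auth': 'starstruck',
                'top_imdb': 'top_imdb',
                'pagination': 'pagination'
            };

            for (var key in mapping) {
                if (!hasOwn.call(mapping, key)) {
                    continue; // Skip anything inherited via Object.prototype
                }
                fresh = pickNonce(nonces, mapping[key]);
                if (fresh) {
                    window.STMOVIE_AJAX.nonces[key] = fresh;
                }
            }
        }

        // STMovie v1 Theme - dtGonza (live search API nonce)
        fresh = pickNonce(nonces, 'dtgonza');
        if (window.dtGonza && fresh) {
            window.dtGonza.nonce = fresh;
        }

        // STMovie v1 Theme - ss_l18n (AJAX operations nonce)
        fresh = pickNonce(nonces, 'ss_l18n');
        if (window.ss_l18n && fresh) {
            window.ss_l18n.nonce = fresh;
        }

        // Debug log
        if (window.console && console.log && stCacheNonce.debug === '1') {
            console.log('ST Cache: JavaScript Nonces refreshed', {
                STMOVIE_AJAX: window.STMOVIE_AJAX ? window.STMOVIE_AJAX.nonces : null,
                dtGonza: window.dtGonza ? window.dtGonza.nonce : null,
                ss_l18n: window.ss_l18n ? window.ss_l18n.nonce : null
            });
        }
    }
})();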