caldera_forms_verification_token_failed

The Caldera globe logo with the words Caldera Forms below it

This action was added in Caldera Forms 1.5.0

This action fires when form submission was rejected beacuse verification of security token (as of Caldera Forms 1.5 this is a WordPress nonce) could not be validated. This token must be validated to prevent cross-site request forgery (CSRF) attacks. If this action is firing on your site, it could be a sign that you are caching the page with your form for longer than the WordPress¬†nonce length (defaults to 12 hours.) It could also indicate a problem with your server’s time settings.

Here is an example to send an alert, via email when this verification fails:

You could also use this action to trigger a fall back system or your own submission processing that assumed verification would fail.

 

Notes:

  • Verifier token should be in field name “_cf_verify” and submitted in POST key of same name.
  • Verifier tokens are created using Caldera_Forms_Render_Nonce::create_verify_nonce()
  • Verifier tokens are linked to form ID.

Where Does This Code Go?

When using WordPress hooks to customize Caldera Forms or other plugins you should not modify the plugin files, or you will lose your changes when you update the plugin. Instead you should create a small plugin to hold the custom code. It's easy, learn how here.

Technically you can add the custom code to your theme's functions.php, but then you will not be able to change your theme and keep these customizations.

Learn More