wp_verify_nonce () via REST retourne toujours faux

J'essaie de créer et de vérifier nonce, et je l'ai fait presque de la manière décrite dans wp_create_nonce .

Je crois que c'est lié à REST api, mais vous ne savez pas où chercher?

Comment je crée nonce:

(J'ai une fonction REST qui renvoie des codes pour élaborer du code HTML, qui établit correctement le code HTML, où la valeur résultante de wp_create_nonce () s'est correctement remplie)

/***
 * Display customers/vendors in table format
 ***/

if( !function_exists( 'fnc_view_customer_vendor_in_table_format' ) ) {
    /**
     * @param WP_REST_Request $request
     * @return mixed|string|void
     */
    function fnc_view_customer_vendor_in_table_format(WP_REST_Request $request ) {

        $_search_name = $request['_search_name'];
        $_posttype = $request['_posttype'];

        if( $_posttype == null ) {
            $result = array( 'msg' => 'ERROR: Please try again', 'error' => true );
            return json_encode( $result );
        }

        $data = '<table class="table widefat table-striped">';
        $data .= '<thead>';
        $data .= '<tr>';
        $data .= '<th class="col-name">Name</th>';
        $data .= '<th class="col-phone">Phone</th>';
        $data .= '<th class="col-email">Fax</th>';
        $data .= '<th class="col-email">Email</th>';
        $data .= '<th class="col-website">Website</th>';
        $data .= '<th class="col-action">Actions</th>';
        $data .= '</tr>';
        $data .= '</thead>';
        $data .= '<tbody>';

        $args = array(
            'post_type' => $_posttype,
            'post_status' => 'publish',
            'posts_per_page' => -1
        );

        if( $_search_name ) {
            $search_args = array(
                's' => $_search_name
            );
            $args = wp_parse_args( $args, $search_args );
        }

        $posts = get_posts( $args );

        $del_page = get_permalink( fnc_get_id_by_slug_and_posttype( 'delete-instance', 'page' ) );

        foreach( $posts as $post ) :

            $post_type = get_post_type( $post->ID );

            $data .= '<tr>';

            $data .= '<th class="col-name">';
            $data .= get_the_title( $post->ID );
            $data .= '</th>';

            $data .='<th class="col-phone">';
            $data .= get_post_meta( $post->ID, '_phone', true );
            $data .= '</th>';

            $data .= '<th class="col-fax">';
            $data .= get_post_meta( $post->ID, '_fax', true );
            $data .= '</th>';

            $data .= '<th class="col-email">';
            $data .= get_post_meta( $post->ID, '_email', true );
            $data .= '</th>';

            $data .= '<th class="col-website">';
            $data .= '<a href="'.get_post_meta( $post->ID, '_website', true ).'" target = "_new">';
            $data .= get_post_meta( $post->ID, '_website', true );
            $data .= '</a>';
            $data .= '</th>';

            $data .='<th class="col-action">';
            $data .='<div class="col-action-btn">';
            $data .='<div class="col-action-edit">';
            $data .='<form action="' . get_permalink( $post->ID ) . '" id="form-edit" name="form-edit" method="post">';
            $data .='<!-- Noncename needed to verify where the data originated -->';
            $data .= '<input type="hidden" id="_wpnonce" name="_wpnonce" value="'. wp_create_nonce( 'edit_post-'. $post->ID ) .'" />';
            $data .= '<input type="hidden" name="_wp_http_referer" value="/test/lists/view-vendors" />';
            $data .= '<input type="hidden" id="post_id" name="post_id" value="'. $post->ID .'" />';
            $data .='<input type="hidden" name="mode" value="edit">';
            $data .='<input type="submit" class="btn btn-small" value="Edit">';
            $data .='</form>';
            $data .='</div>';
            /*
            $data .='<div class="col-action-delete">';
            $data .= '<form action="' . $del_page . '" id="form-delete" name="form-delete" method="post"  />';
            $data .= '<!-- Noncename needed to verify where the data originated -->';
            $data .= '<input type="hidden" id="_wpnonce" name="_wpnonce" value="'. wp_create_nonce() .'" />';
            $data .='<input type="hidden" name="mode" value="delete" />';
            $data .='<input type="hidden" name="del_post_id" value=" ' .$post->ID . '" />';
            $data .='<input type="hidden" name="del_post_type" value=" ' .$post_type . '" />';
            $data .='<input type="submit" class="btn btn-small" value="Delete" />';
            $data .='</form>';
            */
            $data .= '</th>';

            $data .= '</tr>';

        endforeach;

        $data .= '</tbody>';
        $data .= '</table>';

        $result = array( 'msg' => $data, 'error' => false );

        return json_encode( $result );

    }
}

Comment je valide nonce:

  // Nonce from other pages
  $nonce = $_REQUEST['_wpnonce'];
  $post_id = $_REQUEST['post_id'];

  print_r( $_POST );
  // prints Array ( [_wpnonce] => 47f80a1859 [_wp_http_referer] => /test/lists/view-vendors [post_id] => 19793 [mode] => edit )
  echo '<br/>';
  echo '<br/>';

  var_dump( wp_verify_nonce( $nonce, 'edit_post-'. $post_id ) );
  // prints bool(false)
  echo '<br/>';
  echo '<br/>';

    if ( !wp_verify_nonce( $nonce, 'edit_post-'. $post_id ) ) {

        print $GLOBALS['doumi']['nonce_fail_msg'];
        echo '</main></div>';
        get_footer();
        die();

    }