fix: Store API tokenized cart nonce verification

[frosso]

Changes proposed in this Pull Request

Here we realized some weird behavior with the tokenized cart PRBs when a block-based theme was used.

Every POST Store API request was throwing a woocommerce_rest_invalid_nonce error code.
It turns out that the behavior is due to this middleware, altering each Store API requests.

Checked in here with Team Rubik: p1715950599536899-slack-C02TS23QJ1X
They suggested we could skip nonce validations when a Cart-Token header is present ( woocommerce/woocommerce#42341 ).

I am keeping the nonce validation, but instead overwriting the nonce on the server-side, before the request is processed.

Testing instructions

• Enable the "Enable Cart-Token implementation for PRBs" flag in your dev tools (you'll need to update them)
• Ensure you have Google Pay/Apple Pay enabled in the merchant's settings
• Ensure you have a block-based theme installed on your site
• Go to a product page on your site
• Open the browser's network requests
  • You shouldn't see 403 error codes due to invalid nonces

---

• Run npm run changelog to add a changelog file, choose patch to leave it empty if the change is not significant. You can add multiple changelog files in one PR by running this command a few times.
• Covered with tests (or have a good reason not to test in description ☝️)
• Tested on mobile (or does not apply)

Post merge

• Link to testing instructions from release testing doc following these instructions : Add link here / 'QA Testing Not Applicable'
• Add or update critical flows and testing instructions for critical flows, if applicable.
• Add what's changed (description, screenshot, demo videos etc.) to the release announcement post, if applicable.

[botwoo]

Test the build

Option 1. Jetpack Beta

• Install and activate Jetpack Beta.
• Use this build by searching for PR number 8840 or branch name fix/store-api-tokenized-cart-nonce-verification in your-test.site/wp-admin/admin.php?page=jetpack-beta&plugin=woocommerce-payments

Option 2. Jurassic Ninja - available for logged-in A12s

🚀 Launch a JN site with this branch 🚀

ℹ️ Install this Tampermonkey script to get more options.

---

Build info:

• Latest commit: f721da3
• Build time: 2024-05-23 08:47:57 UTC

Note: the build is updated when a new commit is pushed to this PR.

[github-actions]

Size Change: +11 B (0%)

Total Size: 1.23 MB

Filename	Size	Change
release/woocommerce-payments/dist/tokenized-payment-request.js	6.24 kB	+11 B (0%)

ℹ️ View Unchanged

Filename	Size
release/woocommerce-payments/assets/css/admin.css	1.08 kB
release/woocommerce-payments/assets/css/admin.rtl.css	1.08 kB
release/woocommerce-payments/assets/css/success.css	172 B
release/woocommerce-payments/assets/css/success.rtl.css	172 B
release/woocommerce-payments/dist/blocks-checkout-rtl.css	2.07 kB
release/woocommerce-payments/dist/blocks-checkout.css	2.07 kB
release/woocommerce-payments/dist/blocks-checkout.js	50.4 kB
release/woocommerce-payments/dist/bnpl-announcement-rtl.css	530 B
release/woocommerce-payments/dist/bnpl-announcement.css	531 B
release/woocommerce-payments/dist/bnpl-announcement.js	20 kB
release/woocommerce-payments/dist/cart-block.js	15.3 kB
release/woocommerce-payments/dist/cart.js	4.46 kB
release/woocommerce-payments/dist/checkout-rtl.css	599 B
release/woocommerce-payments/dist/checkout.css	599 B
release/woocommerce-payments/dist/checkout.js	31.4 kB
release/woocommerce-payments/dist/express-checkout-rtl.css	155 B
release/woocommerce-payments/dist/express-checkout.css	155 B
release/woocommerce-payments/dist/express-checkout.js	3.55 kB
release/woocommerce-payments/dist/index-rtl.css	40.7 kB
release/woocommerce-payments/dist/index.css	40.7 kB
release/woocommerce-payments/dist/index.js	293 kB
release/woocommerce-payments/dist/multi-currency-analytics.js	1.05 kB
release/woocommerce-payments/dist/multi-currency-rtl.css	3.28 kB
release/woocommerce-payments/dist/multi-currency-switcher-block.js	59.5 kB
release/woocommerce-payments/dist/multi-currency.css	3.29 kB
release/woocommerce-payments/dist/multi-currency.js	54.7 kB
release/woocommerce-payments/dist/order-rtl.css	733 B
release/woocommerce-payments/dist/order.css	735 B
release/woocommerce-payments/dist/order.js	41.8 kB
release/woocommerce-payments/dist/payment-gateways-rtl.css	1.21 kB
release/woocommerce-payments/dist/payment-gateways.css	1.21 kB
release/woocommerce-payments/dist/payment-gateways.js	38.6 kB
release/woocommerce-payments/dist/payment-request-rtl.css	155 B
release/woocommerce-payments/dist/payment-request.css	155 B
release/woocommerce-payments/dist/payment-request.js	5.87 kB
release/woocommerce-payments/dist/product-details-rtl.css	398 B
release/woocommerce-payments/dist/product-details.css	402 B
release/woocommerce-payments/dist/product-details.js	11.1 kB
release/woocommerce-payments/dist/settings-rtl.css	11 kB
release/woocommerce-payments/dist/settings.css	10.9 kB
release/woocommerce-payments/dist/settings.js	201 kB
release/woocommerce-payments/dist/subscription-edit-page.js	669 B
release/woocommerce-payments/dist/subscription-product-onboarding-modal-rtl.css	527 B
release/woocommerce-payments/dist/subscription-product-onboarding-modal.css	527 B
release/woocommerce-payments/dist/subscription-product-onboarding-modal.js	19.4 kB
release/woocommerce-payments/dist/subscription-product-onboarding-toast.js	693 B
release/woocommerce-payments/dist/subscriptions-empty-state-rtl.css	120 B
release/woocommerce-payments/dist/subscriptions-empty-state.css	120 B
release/woocommerce-payments/dist/subscriptions-empty-state.js	18.5 kB
release/woocommerce-payments/dist/tokenized-payment-request-rtl.css	155 B
release/woocommerce-payments/dist/tokenized-payment-request.css	155 B
release/woocommerce-payments/dist/tos-rtl.css	235 B
release/woocommerce-payments/dist/tos.css	236 B
release/woocommerce-payments/dist/tos.js	21 kB
release/woocommerce-payments/dist/woopay-direct-checkout.js	4.83 kB
release/woocommerce-payments/dist/woopay-express-button-rtl.css	155 B
release/woocommerce-payments/dist/woopay-express-button.css	155 B
release/woocommerce-payments/dist/woopay-express-button.js	15.1 kB
release/woocommerce-payments/dist/woopay-rtl.css	4.25 kB
release/woocommerce-payments/dist/woopay.css	4.22 kB
release/woocommerce-payments/dist/woopay.js	69.4 kB
release/woocommerce-payments/includes/subscriptions/assets/css/plugin-page.css	622 B
release/woocommerce-payments/includes/subscriptions/assets/js/plugin-page.js	815 B
release/woocommerce-payments/vendor/automattic/jetpack-assets/build/i18n-loader.js	2.44 kB
release/woocommerce-payments/vendor/automattic/jetpack-assets/src/js/i18n-loader.js	1.01 kB
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/jetpack-sso-admin-create-user.css	196 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/jetpack-sso-admin-create-user.js	20 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/jetpack-sso-admin-create-user.rtl.css	196 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/jetpack-sso-login.css	627 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/jetpack-sso-login.js	20 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/jetpack-sso-login.rtl.css	628 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/jetpack-sso-users.js	390 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/tracks-ajax.js	522 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/dist/tracks-callables.js	581 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/src/sso/jetpack-sso-admin-create-user.css	214 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/src/sso/jetpack-sso-admin-create-user.js	523 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/src/sso/jetpack-sso-login.css	722 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/src/sso/jetpack-sso-login.js	408 B
release/woocommerce-payments/vendor/automattic/jetpack-connection/src/sso/jetpack-sso-users.js	517 B
release/woocommerce-payments/vendor/automattic/jetpack-identity-crisis/babel.config.js	160 B
release/woocommerce-payments/vendor/automattic/jetpack-identity-crisis/build/index.css	2.36 kB
release/woocommerce-payments/vendor/automattic/jetpack-identity-crisis/build/index.js	13.5 kB
release/woocommerce-payments/vendor/automattic/jetpack-identity-crisis/build/index.rtl.css	2.36 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/about.css	1.03 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/admin-empty-state.css	291 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/admin-order-statuses.css	403 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/admin.css	3.6 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/checkout.css	299 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/modal.css	742 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/view-subscription.css	572 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/css/wcs-upgrade.css	411 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/admin-pointers.js	544 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/admin.js	9.4 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/jstz.js	6.8 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/jstz.min.js	3.83 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/meta-boxes-coupon.js	544 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/meta-boxes-subscription.js	2.52 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/moment.js	22.1 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/moment.min.js	11.6 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/payment-method-restrictions.js	1.29 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/admin/wcs-meta-boxes-order.js	502 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/frontend/payment-methods.js	355 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/frontend/single-product.js	429 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/frontend/view-subscription.js	1.38 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/frontend/wcs-cart.js	781 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/modal.js	1.1 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/assets/js/wcs-upgrade.js	1.27 kB
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/build/index.css	392 B
release/woocommerce-payments/vendor/woocommerce/subscriptions-core/build/index.js	3.05 kB

_{compressed-size-action}

[mdmoore]

Thanks for helping me reproduce the issue associated with this fix. It works as described! 🚢