diff --git a/files/routes/wrappers.py b/files/routes/wrappers.py
index 00016af4d..a365a53d4 100644
--- a/files/routes/wrappers.py
+++ b/files/routes/wrappers.py
@@ -41,9 +41,6 @@ def get_logged_in_user():
 else:
 session.pop("lo_user")
- g.is_api = v and v.client
- g.is_api_or_xhr = bool(g.is_api or request.headers.get("xhr"))
-
 if request.method.lower() != "get" and get_setting('read_only_mode') and not (v and v.admin_level >= PERMS['SITE_BYPASS_READ_ONLY_MODE']):
 abort(403)
@@ -70,8 +67,10 @@ def get_logged_in_user():
 t = time.strftime("%d/%B/%Y %H:%M:%S UTC", time.gmtime(time.time()))
 log_file(f'@{v.username}, {v.truescore}, {ip}, {t}\n', 'eg.log')
- if not g.is_api:
- g.nonce = secrets.token_urlsafe(16)
+ g.is_api_or_xhr = bool((v and v.client) or request.headers.get("xhr"))
+
+ if not g.is_api_or_xhr:
+ g.nonce = secrets.token_urlsafe(31)
 return v
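Review bot: `g.nonce` is now created only when the request has neither an API client nor an `xhr` header, and that header is a value any caller can send, so whether a nonce exists depends on client input. Nothing visible here shows how templates or the CSP header code behave when `g.nonce` is unset; unless every consumer is known to tolerate that, generate it unconditionally with `g.nonce = secrets.token_urlsafe(31)` (the cost is negligible) or have consumers read it with `getattr(g, 'nonce', None)`. Separately, `g.is_api_or_xhr` is now assigned after the read-only `abort(403)` shown in the first hunk, and `g.is_api` is no longer set at all, so any error handler or template that reads either attribute would presumably raise AttributeError on those paths; a search for both names before merging would confirm. `get_logged_in_user` starts and ends outside both hunks, so other early exits between them cannot be checked from here.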