[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login
WordPress Trac
noreply at wordpress.org
Tue Dec 3 19:38:58 UTC 2013
#25446: Return HTTP status code 401 upon failed login
-------------------------+------------------------------
Reporter: raoulbhatia | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.6
Severity: normal | Resolution:
Keywords: |
-------------------------+------------------------------
Comment (by HypertextRanch):
I'm not sure 401 is the appropriate status code here. Per
[http://www.faqs.org/rfcs/rfc2616.html RFC2616] the response code appears
to be reserved for HTTP auth only:
> 10.4.2 401 Unauthorized
>
> The request requires user authentication. The response MUST include a
> WWW-Authenticate header field (section 14.47) containing a challenge
> applicable to the requested resource. The client MAY repeat the
> request with a suitable Authorization header field (section 14.8)...
If we must return a non-200 response, 400 seems the most applicable,
although I'm not sure if a wrong username/password combination should be
considered "malformed syntax".
--
Ticket URL: <http://core.trac.wordpress.org/ticket/25446#comment:3>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software