[wp-trac] [WordPress Trac] #25446: Return HTTP status code 401 upon failed login
WordPress Trac
noreply at wordpress.org
Sun Jan 19 04:08:46 UTC 2014
#25446: Return HTTP status code 401 upon failed login
-------------------------+------------------------------
Reporter: raoulbhatia | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: General | Version: 3.6
Severity: normal | Resolution:
Keywords: has-patch |
-------------------------+------------------------------
Comment (by rmccue):
401 is the correct error to return here. 403 means you don't have access
to the resource, 401 means you need to authenticate.
401 should work fine in terms of the standard, since it's not just for
Basic authentication. To be really compliant, we can also send a WWW-
Authenticate header, which should probably look something like:
{{{
WWW-Authenticate: WordPress location="http://example.com/wp-login.php"
}}}
(There's no real standard for what the header should look like, but it's
usually "<scheme> <scheme specific parts>")
--
Ticket URL: <https://core.trac.wordpress.org/ticket/25446#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list