[wp-trac] [WordPress Trac] #35527: Incorrect status code used for generic REST error
WordPress Trac
noreply at wordpress.org
Tue Jan 19 17:14:11 UTC 2016
#35527: Incorrect status code used for generic REST error
--------------------------------------+------------------
Reporter: danielbachhuber | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 4.5
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests | Focuses:
--------------------------------------+------------------
Comment (by danielbachhuber):
Actually, I'm not sure about my proposed change.

401 says:

> The request requires user authentication. The response MUST include a
> WWW-Authenticate header field (section 14.47) containing a challenge
> applicable to the requested resource.

403 says:

> The server understood the request, but is refusing to fulfill it.
> Authorization will not help and the request SHOULD NOT be repeated.

Because this is a generic error handler, 403 is likely more correct than
401, because we can't know the request actually requires user
authentication.

A safer approach would be to ensure we're always using `WP_Error` objects
in the plugin, instead of returning `false` for permission checks.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/35527#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
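
An added example (not from the ticket, its patch, or WordPress core) of the approach suggested in the comment above: a permission callback that returns `WP_Error` with an explicit status rather than `false`, so a generic handler never has to choose between 401 and 403. The `example/v1` route, the `edit_posts` capability choice, and all `example_` names are assumptions made for illustration.

```php
<?php
// Added example: hypothetical plugin code, not taken from the ticket or core.
// Route 'example/v1/notes' and every example_* name are illustrative only.

/**
 * Permission check that states its own status code instead of returning false.
 *
 * @return true|WP_Error
 */
function example_notes_permission_check( $request ) {
	if ( ! is_user_logged_in() ) {
		// No authenticated user: authentication is what is missing, so 401.
		// The 401 definition quoted above also expects a WWW-Authenticate
		// challenge; this sketch does not add that header.
		return new WP_Error(
			'example_not_authenticated',
			'You must be logged in to list notes.',
			array( 'status' => 401 )
		);
	}

	if ( ! current_user_can( 'edit_posts' ) ) {
		// Authenticated but lacking the capability: repeating the request
		// with the same credentials will not help, so 403.
		return new WP_Error(
			'example_forbidden',
			'You are not allowed to list notes.',
			array( 'status' => 403 )
		);
	}

	return true;
}

// Endpoint callback: titles of the current user's draft posts.
function example_notes_list( $request ) {
	$drafts = get_posts( array(
		'author'      => get_current_user_id(),
		'post_status' => 'draft',
	) );
	return rest_ensure_response( wp_list_pluck( $drafts, 'post_title' ) );
}

add_action( 'rest_api_init', function () {
	register_rest_route( 'example/v1', '/notes', array(
		'methods'             => 'GET',
		'callback'            => 'example_notes_list',
		'permission_callback' => 'example_notes_permission_check',
	) );
} );
```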