[wp-trac] [WordPress Trac] #43681: Incorrect HTTP status code in 'posts' query.
WordPress Trac
noreply at wordpress.org
Tue Jun 24 16:32:56 UTC 2025
#43681: Incorrect HTTP status code in 'posts' query.
-------------------------------------------------+-------------------------
Reporter: demitrimuna | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Future
| Release
Component: REST API | Version: 4.4
Severity: normal | Resolution:
Keywords: has-patch has-unit-tests has-test- | Focuses: rest-api
info needs-testing has-screenshots |
-------------------------------------------------+-------------------------
Comment (by krupajnanda):
**Update**
== Test Report
=== Description
This report validates that the indicated patch works as expected.
Patch tested: https://github.com/WordPress/wordpress-develop/pull/8991
=== Environment
- WordPress: 6.9-alpha-60093-src
- PHP: 8.2.15
- Server: nginx/1.25.3
- Database: mysqli (Server: 8.4.5 / Client: mysqlnd 8.2.15)
- Browser: Chrome 137.0.0.0
- OS: macOS
- Theme: Twenty Twenty-Five 1.2
- MU Plugins: None activated
- Plugins:
* PublishPress Capabilities 2.19.2
* Test Reports 1.2.0
=== Actual Results
โ
Issue resolved with patch.
=== ๐งช Final Verification Scenarios
1. **User with read_private_posts capability requesting status=private**
- Result: 200 OK โ private posts retrieved
2. **Authenticated regular user requesting status=private**
- Result: 403 Forbidden โ "Sorry, you are not allowed to list non-
published posts in this post type"
3. **User with read_private_posts capability requesting status=draft**
- Result: 403 Forbidden
4. **Unauthenticated request for any non-public post status**
- Result: 401 Unauthorized
=== Supplemental Artifacts
Add as Attachment
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43681#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list