Make WordPress Core


Ignore:
Timestamp:
12/30/2017 08:36:25 PM (7 years ago)
Author:
rachelbaker
Message:

REST API: Return the proper status code for failed permission callbacks in WP_REST_Server->dispatch().

Use the rest_authorization_required_code() function to return a 401 status code when a permission callback fails due to a user not being logged in.

Props jaswrks.
Fixes #42828.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/wp-includes/rest-api/class-wp-rest-server.php

    r42343 r42421  
    916916                            $response = $permission;
    917917                        } elseif ( false === $permission || null === $permission ) {
    918                             $response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => 403 ) );
     918                            $response = new WP_Error( 'rest_forbidden', __( 'Sorry, you are not allowed to do that.' ), array( 'status' => rest_authorization_required_code() ) );
    919919                        }
    920920                    }
Note: See TracChangeset for help on using the changeset viewer.