Make WordPress Core

Opened 4 years ago

Closed 4 years ago

Last modified 4 years ago

#41269 closed defect (bug) (fixed)

AJAX hook URL returns 200 when bad/missing action

Reported by: ryanrolds Owned by: johnbillion
Milestone: 4.9 Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch
Focuses: Cc:


When requesting /wp-admin/admin-ajax.php with an invalid/missing action the response has a status code of 200, which indicates a successful request. A 400 response with a reason would be more fitting.

Attachments (1)

41269.1.patch (511 bytes) - added by ayeshrajans 4 years ago.

Download all attachments as: .zip

Change History (5)

#1 @ayeshrajans
4 years ago

Hi @ryanrolds. I'm not a core maintainer and I hope one of them will reply to this ticket soon. I also think an appropriate error response code makes sense.

I went ahead and made some changes so that invalid/forged admin-ajax.php requests die with a 400 error code. It will still print 0 to the screen (for compatibility).

Attaching patch. Link to tests: https://travis-ci.org/Ayesh/wordpress-develop/builds/251543055

Last edited 4 years ago by ayeshrajans (previous) (diff)

4 years ago

#2 @johnbillion
4 years ago

  • Component changed from Plugins to Administration
  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 4.9
  • Owner set to johnbillion
  • Status changed from new to reviewing
  • Version 4.8 deleted

#3 @johnbillion
4 years ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 41120:

Administration: Send an appropriate HTTP response status code when an invalid action is passed to admin-ajax.php.

Props ryanrolds, ayeshrajans

Fixes #41269

This ticket was mentioned in Slack in #core by clorith. View the logs.

4 years ago

Note: See TracTickets for help on using tickets.