WordPress.org

Make WordPress Core

Opened 12 months ago

Closed 11 months ago

Last modified 8 months ago

#41269 closed defect (bug) (fixed)

AJAX hook URL returns 200 when bad/missing action

Reported by: ryanrolds Owned by: johnbillion
Milestone: 4.9 Priority: normal
Severity: normal Version:
Component: Administration Keywords: has-patch
Focuses: Cc:

Description

When requesting /wp-admin/admin-ajax.php with an invalid/missing action the response has a status code of 200, which indicates a successful request. A 400 response with a reason would be more fitting.

Attachments (1)

41269.1.patch (511 bytes) - added by ayeshrajans 12 months ago.

Download all attachments as: .zip

Change History (5)

#1 @ayeshrajans
12 months ago

Hi @ryanrolds. I'm not a core maintainer and I hope one of them will reply to this ticket soon. I also think an appropriate error response code makes sense.

I went ahead and made some changes so that invalid/forged admin-ajax.php requests die with a 400 error code. It will still print 0 to the screen (for compatibility).

Attaching patch. Link to tests: https://travis-ci.org/Ayesh/wordpress-develop/builds/251543055

Last edited 12 months ago by ayeshrajans (previous) (diff)

#2 @johnbillion
11 months ago

  • Component changed from Plugins to Administration
  • Keywords has-patch added
  • Milestone changed from Awaiting Review to 4.9
  • Owner set to johnbillion
  • Status changed from new to reviewing
  • Version 4.8 deleted

#3 @johnbillion
11 months ago

  • Resolution set to fixed
  • Status changed from reviewing to closed

In 41120:

Administration: Send an appropriate HTTP response status code when an invalid action is passed to admin-ajax.php.

Props ryanrolds, ayeshrajans

Fixes #41269

This ticket was mentioned in Slack in #core by clorith. View the logs.


8 months ago

Note: See TracTickets for help on using tickets.