Make WordPress Core

Opened 3 months ago

Last modified 3 months ago

#43570 reviewing defect (bug)

preview draft access denied html status code is 500 instead of 401

Reported by: graymouser Owned by: johnbillion
Milestone: 5.0 Priority: normal
Severity: normal Version: 4.9.4
Component: Posts, Post Types Keywords: has-patch
Focuses: Cc:


When logged out attempting to view an edit post 'preview changes' link (i.e. link with ending like ?preview_id=7954&preview_nonce=5fd05f823e&post_format=standard&_thumbnail_id=7963&preview=true) shows;

"Sorry, you are not allowed to preview drafts."

Which is correct, however the HTML status code returned is 500 (internal server error), whereas I believe it should actually be 401 (unauthorized).

Another option would be to have it the same as the edit post link which redirects to login page for non-logged in users.

Easy way to test is to edit a post, click on 'preview changes' then copy paste the preview url into a new private browsing window.

The reason this is relevant is Google Search Console/Webmaster tools reports this as an error in site crawls.

Attachments (1)

43570.diff (544 bytes) - added by graymouser 3 months ago.
Patch from https://github.com/WordPress/WordPress/pull/353

Download all attachments as: .zip

Change History (4)

#2 @graymouser
3 months ago

  • Keywords has-patch added

#3 @johnbillion
3 months ago

  • Component changed from General to Posts, Post Types
  • Milestone changed from Awaiting Review to 5.0
  • Owner set to johnbillion
  • Status changed from new to reviewing

Thanks for the patch @graymouser, and welcome to WordPress Trac!

Note: See TracTickets for help on using tickets.