Opened 7 years ago
Closed 6 years ago
#43570 closed defect (bug) (fixed)
preview draft access denied html status code is 500 instead of 401
| Reported by: |
|
Owned by: |
|
|---|---|---|---|
| Milestone: | 5.1 | Priority: | normal |
| Severity: | normal | Version: | 2.7 |
| Component: | Posts, Post Types | Keywords: | has-patch |
| Focuses: | Cc: |
Description
When logged out attempting to view an edit post 'preview changes' link (i.e. link with ending like ?preview_id=7954&preview_nonce=5fd05f823e&post_format=standard&_thumbnail_id=7963&preview=true) shows;
"Sorry, you are not allowed to preview drafts."
Which is correct, however the HTML status code returned is 500 (internal server error), whereas I believe it should actually be 401 (unauthorized).
Another option would be to have it the same as the edit post link which redirects to login page for non-logged in users.
Easy way to test is to edit a post, click on 'preview changes' then copy paste the preview url into a new private browsing window.
The reason this is relevant is Google Search Console/Webmaster tools reports this as an error in site crawls.
Attachments (1)
Change History (10)
#1
@
7 years ago
I used this tool to submit a potential fix;
https://wptavern.com/submit-pull-requests-to-wordpress-core-with-the-github-to-patch-utility
https://rmccue.io/patch/
#3
@
7 years ago
- Component changed from General to Posts, Post Types
- Milestone changed from Awaiting Review to 5.0
- Owner set to johnbillion
- Status changed from new to reviewing
Thanks for the patch @graymouser, and welcome to WordPress Trac!
#7
@
6 years ago
- Milestone changed from 5.0.3 to 5.1
- Version changed from 4.9.4 to 2.7
The response code can also be defined as the second argument of wp_die(), see [30355]. Maybe 400 would be a better code since authorisation isn't checked here.
Patch from https://github.com/WordPress/WordPress/pull/353