Make WordPress Core

Opened 7 years ago

Last modified 5 years ago

#43681 new defect (bug)

Incorrect HTTP status code in 'posts' query.

Reported by: demitrimuna's profile demitrimuna Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.4
Component: REST API Keywords: has-patch needs-testing
Focuses: rest-api Cc:

Description

I am using the WordPress (v4.9.4) JSON API, specifically this URL:

http://.../wp-json/wp/v2/posts

This works great. When I request a 'status':

http://.../wp-json/wp/v2/posts?status=draft

I get this error:

{
    "data": {
        "status": 400,
        "params": {
            "status": "Status is forbidden."
        }
    },
    "code": "rest_invalid_param",
    "message": "Invalid parameter(s): status"
}

It took me a bit to realize that the problem is not that the request (or status keyword) is in valid, but that requesting drafts requires authentication.

I'd like to request that HTTP status 401 (unauthorized) be returned instead of 400 (bad request). The request is not bad, just requires authentication.

Attachments (1)

43681.diff (5.8 KB) - added by davidhernando 6 years ago.
Changes status 400 with 401 for unauthorized requests. keeps status 400 for wrong requests.

Download all attachments as: .zip

Change History (5)

#1 @danieltj
7 years ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release
  • Type changed from enhancement to defect (bug)
  • Version changed from 4.9.4 to 4.4

Converting to a bug considering the wrong HTTP status code is being returned here.

From a quick glance it seems as if a few errors are defaulting to a 400 error code.

#2 @dontgo2sleep
6 years ago

I am on it :)

@davidhernando
6 years ago

Changes status 400 with 401 for unauthorized requests. keeps status 400 for wrong requests.

#3 @davidhernando
6 years ago

Some unit tests that had assertions checking returned status code was 400 have been changed to check that returned status code is 401.

#4 @johnbillion
5 years ago

  • Keywords has-patch needs-testing added; needs-patch removed
Note: See TracTickets for help on using tickets.