WordPress.org

Make WordPress Core

Opened 19 months ago

Last modified 5 months ago

#43681 new defect (bug)

Incorrect HTTP status code in 'posts' query.

Reported by: demitrimuna Owned by:
Milestone: Future Release Priority: normal
Severity: normal Version: 4.4
Component: REST API Keywords: has-patch needs-testing
Focuses: rest-api Cc:
PR Number:

Description

I am using the WordPress (v4.9.4) JSON API, specifically this URL:

http://.../wp-json/wp/v2/posts

This works great. When I request a 'status':

http://.../wp-json/wp/v2/posts?status=draft

I get this error:

{
    "data": {
        "status": 400,
        "params": {
            "status": "Status is forbidden."
        }
    },
    "code": "rest_invalid_param",
    "message": "Invalid parameter(s): status"
}

It took me a bit to realize that the problem is not that the request (or status keyword) is in valid, but that requesting drafts requires authentication.

I'd like to request that HTTP status 401 (unauthorized) be returned instead of 400 (bad request). The request is not bad, just requires authentication.

Attachments (1)

43681.diff (5.8 KB) - added by davidhernando 13 months ago.
Changes status 400 with 401 for unauthorized requests. keeps status 400 for wrong requests.

Download all attachments as: .zip

Change History (5)

#1 @danieltj
19 months ago

  • Keywords needs-patch added
  • Milestone changed from Awaiting Review to Future Release
  • Type changed from enhancement to defect (bug)
  • Version changed from 4.9.4 to 4.4

Converting to a bug considering the wrong HTTP status code is being returned here.

From a quick glance it seems as if a few errors are defaulting to a 400 error code.

#2 @dontgo2sleep
13 months ago

I am on it :)

@davidhernando
13 months ago

Changes status 400 with 401 for unauthorized requests. keeps status 400 for wrong requests.

#3 @davidhernando
13 months ago

Some unit tests that had assertions checking returned status code was 400 have been changed to check that returned status code is 401.

#4 @johnbillion
5 months ago

  • Keywords has-patch needs-testing added; needs-patch removed
Note: See TracTickets for help on using tickets.