Make WordPress Core

Opened 4 years ago

Last modified 4 years ago

#46296 new defect (bug)

Posts set to 'private' and password protected should return a 403 HTTP header status

Reported by: jonoaldersonwp's profile jonoaldersonwp Owned by:
Milestone: Awaiting Review Priority: normal
Severity: minor Version:
Component: Posts, Post Types Keywords: seo
Focuses: Cc:

Description

These currently output a 200 status, which may result in search engines and external agents indexing them.

If the user doesn't have access permissions, a 403 header status should be returned.

https://ci3.googleusercontent.com/proxy/1s4a4RyK3Oxal9c6hENPJ8kBEsn7Dc3AnwjdTUsFPg-Yg2Eb5PSOTCZWzm6v6CM3Jb_F7Oerojh9MPVkkivaxGdsuITKENP-D7FbF8a9JDFDFH-D77zEKyKXnHM3nqHrtOgMFCrg68sS4j1HtnO5m3j3PQaA=s0-d-e1-ft#https://user-images.githubusercontent.com/487629/53154266-af22e680-35ba-11e9-9f4e-eb520634ffff.png

Change History (2)

#1 @earnjam
4 years ago

Private returns a 404. See #23407

Based on the screenshot I think you specifically mean password protected pages?

#2 @jonoaldersonwp
4 years ago

  • Summary changed from Posts set to 'private' should return a 403 HTTP header status to Posts set to 'private' and password protected should return a 403 HTTP header status

Ah, yes. Good clarification, ty.

Note: See TracTickets for help on using tickets.