Opened 6 years ago
Last modified 15 months ago
#46296 new defect (bug)
Posts set to 'private' and password protected should return a 403 HTTP header status
Reported by: | jonoaldersonwp | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | minor | Version: | |
Component: | Posts, Post Types | Keywords: | seo has-patch |
Focuses: | Cc: |
Attachments (1)
Change History (6)
#2
@
6 years ago
- Summary changed from Posts set to 'private' should return a 403 HTTP header status to Posts set to 'private' and password protected should return a 403 HTTP header status
Ah, yes. Good clarification, ty.
#3
@
15 months ago
@jonoaldersonwp what do you say to
I disagree with this specifically - privately published posts should not be "known" to anybody who shouldn't have access. Returning a 403 instead of 404 would make it known.
by @helen (https://core.trac.wordpress.org/ticket/29829#comment:2)
and
Private is not meant to be "you need an account" private. It is meant to be "it doesn't exist" private. Let's not tip our hats with a 403.
by @nacin (https://core.trac.wordpress.org/ticket/23407#comment:4)
Note: See
TracTickets for help on using
tickets.
Private returns a 404. See #23407
Based on the screenshot I think you specifically mean password protected pages?