Incorrect use of HTTP status code 500
Reported by: runeh | Owned by: westi
When trying to log in using a wrong username or password, WordPress issues an HTTP 500 status code, and the request body states that wrong credentials have been supplied. As I am sure you know, 500 means Internal Server Error. A more suitable status code to use would be 403 (Forbidden).
The 500 status code is also issued when submitting an empty username or password. I think 400 (Bad Request) would be a better fit. Both of these errors are made by the user, not the server, so it stands to reason that the status codes should be in the 400 range.
I also noted that a 500 status code is issued if a user is commenting too quickly (as an anti-spam measure). I'm not convinced that 500 is the correct status to use; however, I'm unsure about which status fits best.
Fixing these issues will make WordPress behave more semantically correctly with regard to the HTTP protocol.
Change History (3)
- Keywords needs-patch added
- Owner changed from anonymous to westi
- Status changed from new to assigned