Opened 5 months ago
Last modified 3 months ago
#61907 new enhancement
Make oembed_invalid_url return 400 instead of 404
Reported by: | leedxw | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | Embeds | Keywords: | has-patch |
Focuses: | Cc: |
Description
In `wp-includes/class-wp-oembed-controller.php` the error response for an invalid url is a 404.

```php
return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
```

Please consider changing this to a 400.
The oembed endpoint seems to be an absolute magnet for unauthorised vulnerability checking, and from the webserver logs we can't see the difference between `oembed_invalid_url` and a legitimate request that also returns a 404.
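
A log-triage sketch for the situation the description raises, added here as an example (not part of the ticket or of WordPress core): it classifies access-log lines by request path, so errors on the oEmbed endpoint can be counted apart from ordinary page 404s while both still share a status code. The sample log lines, client addresses, bucket names and threshold are constructed, and the `/wp-json/oembed/1.0/` and `rest_route` request forms assume a default REST API setup.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in combined log format (not from the ticket).
# 203.0.113.7 keeps sending oEmbed requests the site rejects;
# 198.51.100.20 is a visitor who followed one dead link.
SAMPLE_LOG = '''\
203.0.113.7 - - [10/Aug/2024:10:00:01 +0000] "GET /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fexample.invalid%2Fa HTTP/1.1" 404 120 "-" "-"
203.0.113.7 - - [10/Aug/2024:10:00:02 +0000] "GET /?rest_route=/oembed/1.0/embed&url=https%3A%2F%2Fexample.invalid%2Fb HTTP/1.1" 404 120 "-" "-"
203.0.113.7 - - [10/Aug/2024:10:00:03 +0000] "GET /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fexample.invalid%2Fc HTTP/1.1" 404 120 "-" "-"
198.51.100.20 - - [10/Aug/2024:10:05:00 +0000] "GET /2019/old-post/ HTTP/1.1" 404 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Aug/2024:10:05:09 +0000] "GET /wp-json/oembed/1.0/embed?url=https%3A%2F%2Fexample.test%2Fhello%2F HTTP/1.1" 200 830 "-" "Mozilla/5.0"
'''

# client address, request target and status from one combined-format line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def is_oembed(target):
    """True if the request target addresses the oEmbed REST routes,
    in either the pretty-permalink or the ?rest_route= form."""
    parts = urlsplit(target)
    if "/wp-json/oembed/1.0/" in parts.path:
        return True
    route = parse_qs(parts.query).get("rest_route", [""])[0]
    return route.startswith("/oembed/1.0/")

def classify(log_text):
    """Per client: counts by raw status and by path-aware bucket."""
    per_client = defaultdict(Counter)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        if is_oembed(target):
            # 404 is the current oembed_invalid_url status; 400 is the proposed one
            bucket = "oembed_4xx" if status in (400, 404) else "oembed_other"
        else:
            bucket = "page_404" if status == 404 else "other"
        per_client[client][bucket] += 1
        per_client[client]["status_%d" % status] += 1
    return per_client

def flag_clients(per_client, threshold=3):
    """Clients with at least `threshold` rejected oEmbed requests."""
    return sorted(c for c, n in per_client.items() if n["oembed_4xx"] >= threshold)
```

On the sample, the `status_404` counter alone shows both clients with 404s; only the path-aware buckets separate the repeated oEmbed rejections from the single dead link.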
Change History (2)
Trac ticket: https://core.trac.wordpress.org/ticket/61907