Opened 7 weeks ago
Last modified 7 weeks ago
#61907 new enhancement
Make oembed_invalid_url return 400 instead of 404
Reported by: | leedxw | Owned by: | |
---|---|---|---|
Milestone: | Awaiting Review | Priority: | normal |
Severity: | normal | Version: | |
Component: | REST API | Keywords: | has-patch |
Focuses: | Cc: |
Description
In wp-includes/class-wp-oembed-controller.php
the error response for an invalid url is a 404.
return new WP_Error( 'oembed_invalid_url', get_status_header_desc( 404 ), array( 'status' => 404 ) );
Please consider changing this to a 400.
The oembed endpoint seems to be an absolute magnet for unauthorised vulnerability checking, and from the webserver logs we can't see the difference between oembed_invalid_url
and a legitimate request that also returns a 404.
Change History (1)
This ticket was mentioned in PR #7227 on WordPress/wordpress-develop by @narenin.
7 weeks ago
#1
- Keywords has-patch added
Note: See
TracTickets for help on using
tickets.
Trac ticket: https://core.trac.wordpress.org/ticket/61907