Opened 6 weeks ago
Last modified 6 weeks ago
#64045 new defect (bug)
/wp-json/wp/v2/menus incorrectly emits 403 for invalid `post` param
| Reported by: |
|
Owned by: | |
|---|---|---|---|
| Milestone: | Awaiting Review | Priority: | normal |
| Severity: | normal | Version: | 6.8.2 |
| Component: | REST API | Keywords: | has-patch |
| Focuses: | Cc: |
Description
This endpoint expects the post param to be the Post ID for a nav_menu_item, but if the Post ID for a post/page/etc is provided the following response is returned:
{
"code": "rest_forbidden_context",
"message": "Sorry, you are not allowed to view terms for this post.",
"data": {
"status": 403
}
}
It should probably look more like:
{
"code": "rest_post_invalid_type",
"message": "Invalid post type.",
"data": {
"status": 400
}
}
Change History (1)
This ticket was mentioned in PR #10058 on WordPress/wordpress-develop by @jkmassel.
6 weeks ago
#1
- Keywords has-patch added
Note: See
TracTickets for help on using
tickets.
The
wp/v2/menusAPI will return a 403 if thepostparameter refers to apostobject that isn’t anav_menu_item. This isn’t a permissions issue – it’s just an invalid request, and the response should reflect that.Trac ticket: https://core.trac.wordpress.org/ticket/64045