Missing 403 status header for ‘not allowed’ question page

376 views, Issues, private questions
0

includes/common-pages.php:127 sets the 403 status header if the user has no permission to view a private question, which is good. But afterwards the hook ‘ap_template_include’ fires and the function ‘template_include_theme_compat’ from includes/class-theme.php is called, which calls ‘ap_theme_compat_reset_post’ from includes/theme.php, where the status header is set back to 200 at line 1156.
I believe that the check in the previous line, ! $wp_query->is_404(), should be changed, because there’s at least a 403 status possible too.
Would you mind fixing this in the next release?

Answered question
0

The current check using ! $wp_query->is_404() is too limited, as it doesn’t account for other valid non-200 statuses like 403. Since the 403 header is correctly set earlier when access is denied, it shouldn’t be overwritten back to 200 later in HCTRA

Edited answer
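The call order described in the question, as an added example that is not AnsPress code and not part of the original thread: it replays the deny step and the later reset with the reported `! $wp_query->is_404()` check, then with a hypothetical guard that keeps any error status already set. The `demo_*` names, the `Demo_Query` class and the `status_header` stand-in are assumptions made so the script runs without WordPress; in a real request PHP's `http_response_code()` reports the status set so far.

```php
<?php
// Stand-ins so this runs without WordPress (constructed for the example).
$GLOBALS['demo_status'] = 200;

function status_header( $code ) {
    $GLOBALS['demo_status'] = (int) $code;
}

class Demo_Query {
    // The private question exists, so the query is not a 404.
    public function is_404() {
        return false;
    }
}

// Step 1, as described for includes/common-pages.php: deny access with 403.
function demo_deny_private_question() {
    status_header( 403 );
}

// Step 2, behaviour reported in the question: only a 404 is preserved.
function demo_reset_post_current( $wp_query ) {
    if ( ! $wp_query->is_404() ) {
        status_header( 200 ); // overwrites the 403 set in step 1
    }
}

// Step 2 with a hypothetical guard: leave any 4xx/5xx status in place.
function demo_reset_post_guarded( $wp_query ) {
    $already_error = $GLOBALS['demo_status'] >= 400;
    if ( ! $wp_query->is_404() && ! $already_error ) {
        status_header( 200 );
    }
}

// Replay both steps in hook order and return the status the client would see.
function demo_run( $reset ) {
    $GLOBALS['demo_status'] = 200;
    demo_deny_private_question();
    $reset( new Demo_Query() );
    return $GLOBALS['demo_status'];
}

printf( "current check: %d\n", demo_run( 'demo_reset_post_current' ) );
printf( "guarded check: %d\n", demo_run( 'demo_reset_post_guarded' ) );
```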