We’ve just released a fix for Acorn addressing an issue where the HTTP response on WordPress routes could incorrectly return a 200
status, even when another status code such as 404
is expected.
Affected Versions
This bug impacts:
- Acorn v5 Alpha & Beta 0: All users of v5 are affected and are urged to upgrade to the latest beta release.
- Acorn v4 with Experimental WordPress Request Handler: Users who have opted into the experimental
ACORN_ENABLE_EXPERIMENTAL_WORDPRESS_REQUEST_HANDLER
flag are affected and are urged to upgrade to v4.3.1.
What’s the Issue?
When Acorn’s WordPress request handler is active, Acorn registers a wildcard {any?}
route with Laravel’s router to dynamically handle WordPress requests.
With {any?}
making any requested path technically a valid route, the Response
instance would always default to a 200
status code even in cases where another status code is expected. This lead to things such as 404 pages always returning a 200
status code.
Next Steps
- Upgrade: We highly recommend updating as soon as possible to ensure your application correctly handles HTTP response statuses.