HTTP Status 405 on disabled should be 403
|Reported by:||MikeSchinkel||Owned by:||rmccue|
|Component:||JSON REST API||Keywords:|
The plugin currently serves 405 Method Not Allowed as an error code when the plugin is disabled. 405 is for when the wrong HTTP method is provided where methods are GET, POST, PUT, etc.:
A request was made of a resource using a request method not supported by that resource; for example, using GET on a form which requires data to be presented via POST, or using PUT on a read-only resource.
The proper status code to return should be 403 Forbidden:
A web server may return a 403 Forbidden HTTP status code in response to a request from a client for a web page or resource to indicate that the server can be reached and understood the request, but refuses to take any further action.