Please sign in to comment.
Return a 403 for unauthorised 'format=text' requests.
The Release plugin sends requests to the site with Accept: text/plain in the header. If the user publishing a plugin didn't have the required permission, the site would send a redirect to the 'not authorised' page - not particularly helpful for the Release plugin. It now sends a 403 for such requests.
- Loading branch information...
Showing with 5 additions and 0 deletions.