[wp-trac] [WordPress Trac] #38691: REST API: Hide schema/args for site-customized endpoints unless authenticated

WordPress Trac noreply at wordpress.org
Tue Nov 8 21:43:12 UTC 2016


#38691: REST API: Hide schema/args for site-customized endpoints unless
authenticated
-------------------------+------------------------------
 Reporter:  jnylen0      |       Owner:
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  REST API     |     Version:  trunk
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:
-------------------------+------------------------------
Changes (by jnylen0):

 * type:  defect (bug) => enhancement


Comment:

 I thought about this some more, and I think we should avoid adding more
 calls to `permission_callback` etc.

 Also, if a site registers settings that are sensitive enough where the
 public existence of their name and description is a concern, they should
 probably be set to `'show_in_rest' => false`.  If they still need to be
 set via the API, they should live in a separate endpoint with
 `'show_in_index' => false`.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/38691#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list