[wp-trac] [WordPress Trac] #38731: Allow publicly readable settings within WP_REST_Settings_Controller
WordPress Trac
noreply at wordpress.org
Wed Nov 9 13:20:08 UTC 2016
#38731: Allow publicly readable settings within WP_REST_Settings_Controller
-------------------------+-----------------------------
Reporter: davecpage | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
With `register_setting()` developers can expose a setting to appear within
REST queries on `/wp/v2/settings`. Very useful I thought for API only
based frontends. However though I agree that editing these settings is
limited to those authenticated users who have 'manage_options' it appears
that the reading of these settings is limited to the same.
Would it therefore be useful to allow exposing some/all of these settings
to unauthenticated users. Maybe with a `'public' => true` flag on each
setting so that this can be opt-in from a security point of view?
The alternative appears to be for developers to effectively duplicate the
WP_REST_Settings_Controller under a different namespace/endpoint exposing
those fields they wish to be viewable.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38731>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list