[wp-trac] [WordPress Trac] #40450: Introduce REST API endpoint for proxying requests to external oEmbed providers

WordPress Trac noreply at wordpress.org
Fri Apr 14 18:22:39 UTC 2017


#40450: Introduce REST API endpoint for proxying requests to external oEmbed
providers
-------------------------+-----------------------------
 Reporter:  westonruter  |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  Embeds       |    Version:
 Severity:  normal       |   Keywords:
  Focuses:  rest-api     |
-------------------------+-----------------------------
 When doing oEmbed previews in the client, both in the media modal `embed`
 frame and in the TinyMCE embed preview, a `parse-embed` admin-ajax request
 is currently made to do the parsing. This request requires a `post_ID`
 parameter because the WP Embed logic caches oEmbed responses in postmeta
 (see #34115). There is a need for this in the media widgets to be able to
 obtain the `thumbnail_url` for a given oEmbed URL. Unfortunately the
 oEmbed preview in the media modal fails because there is no `post_ID` for
 context.

 There is currently an `wp-json/oembed/1.0/embed` endpoint for serving
 oEmbed responses for posts on a given site. It would be a useful
 improvement to extend this endpoint to also allow for proxying the oEmbed
 provider lookup and fetching, as handled internally in
 `\WP_oEmbed::get_html()`: https://github.com/WordPress/wordpress-
 develop/blob/4.7/src/wp-includes/class-oembed.php#L333-L360

 I understand there is also a concern for using such an `embed` endpoint
 for doing DDoS attacks, so I imagine any external URL lookups would
 require auth.

 Once this is implemented, the use of the `embed` endpoint can potentially
 replace the `parse-embed` request, at least when there is no `post_ID` for
 context.

 For background, see:
 https://wordpress.slack.com/archives/C02RQC26G/p1492038272597233
 https://github.com/xwp/wp-core-media-
 widgets/pull/53#issuecomment-294131744

--
Ticket URL: <https://core.trac.wordpress.org/ticket/40450>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform


More information about the wp-trac mailing list