[wp-trac] [WordPress Trac] #34563: URL structure for providing oEmbed should be made easier to block at webserver
WordPress Trac
noreply at wordpress.org
Wed Nov 4 09:41:15 UTC 2015
#34563: URL structure for providing oEmbed should be made easier to block at
webserver
--------------------------+-----------------------
Reporter: mark-k | Owner:
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Embeds | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+-----------------------
Comment (by mark-k):
Replying to [comment:5 swissspidy]:
> @mark-k For clarification, are you talking about the oEmbed endpoint
(`http://example.com/wp-json/oembed/1.0/embed/?url=<url>`) or the embed
endpoint for a specific post (`http://example.com/my-post/embed/`)?
Essentially both. I don't know what will be the usage pattern and how will
bots react to this feature, so IMHO it is better to err on the side of
having too much security/performance related options then not having
enough.
To clarify my position, I am not against any specific pattern, but
blocking the features at the webserver level should be done in a way that
not very technical people will be able to copy&paste into their htaccess
file.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/34563#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list