[wp-trac] [WordPress Trac] #36257: REST API: It's difficult to impossible to determine the endpoint matched to a request

WordPress Trac noreply at wordpress.org
Tue Mar 15 23:14:20 UTC 2016 

#36257: REST API: It's difficult to impossible to determine the endpoint matched to
a request
-------------------------+-----------------------------
 Reporter:  jnylen0      |      Owner:
     Type:  enhancement  |     Status:  new
 Priority:  normal       |  Milestone:  Awaiting Review
Component:  REST API     |    Version:  trunk
 Severity:  normal       |   Keywords:
  Focuses:               |
-------------------------+-----------------------------
 Originally raised in Slack - https://wordpress.slack.com/archives/core-
 restapi/p1457730713002298

 It is really difficult (and sometimes impossible) to get good information
 about the route/endpoint that was matched to a request.

 You can inspect `$handler['callback']` in `'rest_dispatch_request'`, which
 gives the function that will handle the endpoint.  In
 `'rest_post_dispatch'` you can get the URL regex that was matched.  BUT
 none of that works if an error occurred in `'rest_authentication_errors'`,
 because the request is never dispatched.

 A couple of cases where we need to match up requests to endpoints on
 WordPress.com:

 1. Restricting access to certain endpoints.  As far as I can tell, this is
 only possible by inspecting `$handler['callback']` during e.g.
 `'rest_dispatch_request'` and looking at the class and method name of the
 callback.  (This also has the drawback that you can't prevent the
 endpoint's `permission_callback` from being called.  To get around this,
 we use the filters added in #35590.)
 2. Monitoring of endpoint calls, response times, etc.  Getting the matched
 route regex, like `/wp/v2/posts/(?P<id>[\d]+)`, is possible by listening
 on the `'rest_post_dispatch'` filter, but as mentioned above, this doesn't
 work if an error occurs in `'rest_authentication_errors'`, so we've had to
 move all of our auth logic out of `'rest_authentication_errors'` because
 we want to know which endpoints have failing auth.

 Suggested improvements:

 1. Make it possible to consistently and easily get info about the route
 that was matched up to a request, including the various URL pieces.
 2. Still dispatch a request, or at least match it up to what the route
 would have been, if an error happens in `'rest_authentication_errors'`.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/36257>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform

More information about the wp-trac mailing list