[wp-trac] [WordPress Trac] #38691: REST API: Hide schema/args for site-customized endpoints unless authenticated
WordPress Trac
noreply at wordpress.org
Mon Nov 7 14:41:36 UTC 2016
#38691: REST API: Hide schema/args for site-customized endpoints unless
authenticated
--------------------------+------------------------------
Reporter: jnylen0 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by danielbachhuber):
Replying to [ticket:38691 jnylen0]:
> we should consider hiding the list of site-registered custom settings
from the schema and endpoint arguments unless the requesting user has the
permissions necessary to actually use these arguments.
Few questions about this:
* Can you provide some examples of setting schema you'd like to put behind
authentication?
* How would you determine whether or not a user has authorization to view
the schema?
* Have you considered ''not'' declaring the setting in the schema, and
just conditionally including it in the response?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38691#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list