[wp-trac] [WordPress Trac] #38691: REST API: Hide schema/args for site-customized endpoints unless authenticated
WordPress Trac
noreply at wordpress.org
Mon Nov 7 15:16:32 UTC 2016
#38691: REST API: Hide schema/args for site-customized endpoints unless
authenticated
--------------------------+------------------------------
Reporter: jnylen0 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Comment (by danielbachhuber):
Ok. At this point, I'm against the intent of this ticket for a few
different reasons:
1. Authentication is different then authorization, and we don't currently
have an architecture for checking authorization on specific schema
properties.
2. Although we haven't explicitly stated as such, schemas aren't intended
to be dynamic based on the request. The schema is meant to be a relatively
fixed representation of the WordPress site.
3. Because of 2, it's conceivable a client would cache the schema between
users. If the schema was dynamic between users, then it would be incorrect
in some uses.
Given these points, it'd be worthwhile to document the intended nature of
schemas somewhere.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38691#comment:3>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list