[wp-trac] [WordPress Trac] #38446: Deprecate the rest_enabled filter
WordPress Trac
noreply at wordpress.org
Sun Oct 23 02:48:08 UTC 2016
#38446: Deprecate the rest_enabled filter
-------------------------------------------------+-------------------------
Reporter: pento | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 4.7
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests needs- | Focuses:
docs needs-dev-note |
-------------------------------------------------+-------------------------
Changes (by pento):
* keywords: needs-patch needs-unit-tests => needs-patch needs-unit-tests
needs-docs needs-dev-note
Comment:
@dmchale: Hi there! It looks like yours is the only WordPress.org plugin
that makes use of this filter - as the REST API is going to become a
dependency for wp-admin, disabling the REST API won't work anymore.
I'd recommend replacing it with a check that the user is logged in,
something like:
{{{#!php
function only_allow_logged_in_rest_access( $access ) {
if( ! is_user_logged_in() ) {
return new WP_Error( 'rest_cannot_access', __( 'Only
authenticated users can access the REST API.', 'disable-json-api' ),
array( 'status' => rest_authorization_required_code() ) );
}
return $access;
}
add_filter( 'rest_authentication_errors',
'only_allow_logged_in_rest_access' );
}}}
Ticket note: I'm inclined to do a make/core dev note for this change, too,
as there are
[https://www.google.com/search?q=%22add_filter+rest_enabled%22 several
snippets floating around] to do the same thing.
We can document `rest_authentication_errors` as the alternative, and
include this example on docs page.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38446#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list