[wp-trac] [WordPress Trac] #38446: Deprecate the rest_enabled filter
WordPress Trac
noreply at wordpress.org
Mon Oct 24 01:33:42 UTC 2016
#38446: Deprecate the rest_enabled filter
-------------------------------------------------+-------------------------
Reporter: pento | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 4.7
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests needs- | Focuses:
docs needs-dev-note |
-------------------------------------------------+-------------------------
Comment (by rmccue):
I am -1 on removing this, for a few reasons.
1. I think we should give people enough rope to hang themselves if they
really want. The fact is that the REST API does introduce a new attack
surface (the Flash XSS exploit for example).
2. The admin should be designed to work without JavaScript, and hence
without the REST API. For people that disable the API, the progressive
enhancement should drop back to standard interactions.
That said, there is a way to remove the endpoints without needing to use
this filter:
{{{
remove_action( 'rest_api_init', 'create_initial_rest_routes', 99 );
}}}
I think we should start publicising this method rather than the
sledgehammer that is `rest_enabled`.
@dmchale Maybe you could switch your plugin to that method? Unsure if
that's changing the functionality too much.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/38446#comment:7>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list