[wp-trac] [WordPress Trac] #39806: Disable REST API by default, making it opt-in rather than always-on
WordPress Trac
noreply at wordpress.org
Tue Feb 7 18:49:29 UTC 2017
#39806: Disable REST API by default, making it opt-in rather than always-on
-------------------------+-----------------------------
Reporter: mor10 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Keywords:
Focuses: |
-------------------------+-----------------------------
Disable the REST API by default and enable it only when the site admin
requests it or a theme or plugin is dependent on it for full
functionality.
For sites that do not take advantage of the REST API, its always-on status
is not beneficial. Its sole function in this scenario is for 3rd parties
to gain access to content. This should be an active decision made by the
site owner/admin, not a global decision made by the application.
I propose three changes to address this issue:
1. REST API is disabled by default and site admin is given the option to
enable it during initial install and later via a toggle on the Settings
view. Admin should be allowed to toggle the REST API status at any time,
akin to how search engine crawling is controlled.
2. A `define( ‘WP_REST_API’, false );` option is introduced in wp-
config.php to globally enable/disable REST API.
3. Theme and plugin authors can declare REST API dependency in their
setup. When the theme/plugin is activated, the site admin is notified this
requires the REST API to be enabled allowing transparency and handing the
decision to the admin.
With these three enhancements, the REST API will be available for those
who want to use it, rely on it, and/or want to open their content to
consumption from 3rd parties while keeping it disabled for those who do
not want to use it or, maybe most importantly, ''are not aware what this
feature is'' and have no use for it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39806>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list