[wp-trac] [WordPress Trac] #39806: Disable REST API by default, making it opt-in rather than always-on
WordPress Trac
noreply at wordpress.org
Wed Feb 8 00:53:45 UTC 2017
#39806: Disable REST API by default, making it opt-in rather than always-on
-------------------------+------------------------------
Reporter: mor10 | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version: trunk
Severity: normal | Resolution:
Keywords: close | Focuses:
-------------------------+------------------------------
Comment (by knutsp):
> Its sole function in this scenario is for 3rd parties to gain access to
content.
The sole function of WordPress is to gain access to content! (read for the
public, write for the authenticated users)
* Web "API" for browsers/humans
* Feeds for applications (read only)
* XMLRPC and REST APIs for applications, including WordPress core, themes
and plugins
* admin-ajax for core
If REST API becomes default disabled then development of core, themes and
plugins that want to use this latest and greatest of APIs will halt. Who
wants to explain users why and how to enable it, without indicating this
is something extraordinary that opens some dangerous gate?
If themes and plugins should "opt-in" or "require" the REST API, how
should that happen? Should those override the site admin's decision not to
enable it? Or just notify and pray? Well, ok, and the grant the same
option to core, and core will "require" REST API very soon.
Either the REST API is immature and should not be part of core (but that
train has left, really), or it should be always on, until someone who
knows what it is disables it by a plugin or some simple code.
The discussions around REST API and it's inclusion in core has been long.
One of the last criteria for accepting it in was the benefits for core
itself and the use by core.
That's where we are.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/39806#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list