[wp-trac] [WordPress Trac] #43998: REST API: Permit unbounded per_page=-1 requests for authorized users
WordPress Trac
noreply at wordpress.org
Mon Oct 15 05:03:23 UTC 2018
#43998: REST API: Permit unbounded per_page=-1 requests for authorized users
------------------------------------------+-----------------------
Reporter: danielbachhuber | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: 5.0
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: needs-patch needs-unit-tests | Focuses: rest-api
------------------------------------------+-----------------------
Comment (by rmccue):
Replying to [comment:8 adamsilverstein]:
> I don't think adding support for unbound requests to the REST API is a
good idea. It breaks the contract and is not scalable or performant.
I strongly agree with this. We have already begun seeing fatal errors due
to Gutenberg's unbounded queries, and this is blocking our rollout of
Gutenberg to sites. If this is included in 5.0, we will need to either
force-override the limit (and hence break Gutenberg) or disable Gutenberg
entirely.
Unbounded queries should never be allowed in a user-controlled interface.
The only places in core where they exist currently are in tightly
controlled places with minimal data sets (although I'd argue those should
also be bounded in any case).
If the reason to do this is because lazyloading with pagination (i.e.
Select2) is not accessible, then the UX and feature need to change,
because it is, in my opinion, unacceptable that this should be in core. We
cannot compromise on accessibility, but we can't take the site down
either.
This should be a blocker for merge.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/43998#comment:15>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list