[wp-trac] [WordPress Trac] #46907: Pass current request object to rest_authentication_errors filter
WordPress Trac
noreply at wordpress.org
Sat Jul 27 15:11:57 UTC 2019
#46907: Pass current request object to rest_authentication_errors filter
-------------------------+-----------------------
Reporter: ocean90 | Owner: ocean90
Type: enhancement | Status: closed
Priority: normal | Milestone: 5.3
Component: REST API | Version:
Severity: normal | Resolution: fixed
Keywords: has-patch | Focuses: rest-api
-------------------------+-----------------------
Comment (by TimothyBlynJacobs):
I added this in the Slack scrub.
> This is tricky. I’ve always thought that the request object was omitted
intentionally, since the purpose of the authentication hook is to set the
current user for the request and let permission checks dictate everything
else. However, I think it is at least somewhat common for plugins that
make use of the REST API to provide custom authentication schemes that
only work for their endpoints.
> I think feedback from the brain trust would be quite helpful here
@kadamwhite.
> I think at one point I tried to find the original discussion on the
filter, but IIRC it originated in the GSOC project and I couldn’t really
find much more written about the design of it.
----
Regardless, should the `$request` parameter be optional here to maintain
BC if someone is calling the method directly? It is a `public` method, and
could've been `protected` or `private`, so it would appear to developers
to be safe to call.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/46907#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list