[wp-trac] [WordPress Trac] #48812: REST API: Settings endpoint - read access
WordPress Trac
noreply at wordpress.org
Wed Nov 27 19:06:35 UTC 2019
#48812: REST API: Settings endpoint - read access
------------------------------------------------+--------------------------
Reporter: scruffian | Owner: (none)
Type: enhancement | Status: new
Priority: normal | Milestone: Awaiting
| Review
Component: REST API | Version: 4.7
Severity: normal | Resolution:
Keywords: has-patch 2nd-opinion dev-feedback | Focuses:
------------------------------------------------+--------------------------
Changes (by TimothyBlynJacobs):
* keywords: has-patch => has-patch 2nd-opinion dev-feedback
* version: => 4.7
Comment:
My understanding is when grabbing settings values that are public has come
up before, they've been added to the Site Index instead. For instance
#39854. The site title is already available via the index in this way.
Changing the permissions globally here to be less restrictive would be
pretty much a no-go from my perspective. If there is setting data that
can't be exposed in the index for some reason, then we'd need to allow for
settings to have a custom capabilities check specified via
`register_setting`.
Even with that, though, making it looser could still have some
implications. Right now, someone can expect that if a valid settings
response is returned, the user has passed the permissions callback. This
would impact the `rest_request_after_callbacks` and `rest_post_dispatch`
filters.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48812#comment:2>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list