[wp-trac] [WordPress Trac] #48043: Rest API's privacy should be adjustable or private by default
WordPress Trac
noreply at wordpress.org
Sun Sep 15 18:01:32 UTC 2019
#48043: Rest API's privacy should be adjustable or private by default
-----------------------------+-----------------------------
 Reporter:  katsar0v         |      Owner:  (none)
     Type:  feature request  |     Status:  new
 Priority:  normal           |  Milestone:  Awaiting Review
Component:  REST API         |    Version:
 Severity:  normal           |   Keywords:
  Focuses:                   |
-----------------------------+-----------------------------
One issue of the REST API WordPress provides is the not so flexible
privacy. After installation with the default theme and after enabling
pretty permalinks, all REST API endpoints are visible - `/wp-json`. The
users are visible, the media files and the endpoints of other plugins
(which is a potential security issue) are also visible.

The REST API should be adjustable in terms of privacy. Currently the issue
is only gone after installing the plugin... or writing the
plugin/functions yourself. Gutenberg uses the REST API, so it makes sense
to make the REST endpoint for Gutenberg available for the user with the
correct rights, but why expose all other endpoints?
--
Ticket URL: <https://core.trac.wordpress.org/ticket/48043>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
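
The "writing the plugin/functions yourself" option mentioned in the ticket, sketched as an added example (it is not part of the ticket and not WordPress core code). It uses the core `rest_pre_dispatch` filter to require a logged-in user for every route, including the `/wp-json` index; the plugin name, the `example_` function names and the allow-list constant are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Private REST API (added example, hypothetical name)
 *
 * Refuses anonymous REST requests unless the route is explicitly allow-listed.
 * Logged-in users (for example editors using Gutenberg) are still subject to
 * each endpoint's own permission checks.
 */

// Assumption: route prefixes that must stay public. Empty means "nothing is public".
const EXAMPLE_PUBLIC_REST_PREFIXES = array();

/**
 * True when $route equals an allow-listed prefix or lies below it.
 * Matching on "prefix/" avoids "/foo" accidentally allowing "/foobar".
 */
function example_is_public_rest_route( $route ) {
	foreach ( EXAMPLE_PUBLIC_REST_PREFIXES as $prefix ) {
		$prefix = rtrim( $prefix, '/' );
		if ( '' === $prefix ) {
			continue; // never treat "/" as a prefix, it would open everything
		}
		if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
			return true;
		}
	}
	return false;
}

add_filter(
	'rest_pre_dispatch',
	function ( $result, $server, $request ) {
		if ( null !== $result ) {
			return $result; // another filter already produced a response
		}
		if ( is_user_logged_in() || example_is_public_rest_route( $request->get_route() ) ) {
			return $result; // continue with normal dispatch
		}
		// Anonymous request to a non-public route: answer before any callback runs.
		return new WP_Error(
			'rest_login_required',
			'Authentication is required for this endpoint.',
			array( 'status' => rest_authorization_required_code() )
		);
	},
	10,
	3
);
```

Anything that calls the REST API anonymously from the front end (oEmbed discovery under `/oembed/1.0`, some form plugins) stops working until its route prefix is added to the allow-list, so check the access log for unauthenticated `/wp-json` requests before enabling this.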