[wp-trac] [WordPress Trac] #49272: Add support for new privacy headers in core

WordPress Trac noreply at wordpress.org
Fri Aug 21 09:25:51 UTC 2020


#49272: Add support for new privacy headers in core
-------------------------+--------------------------------------
 Reporter:  carike       |       Owner:  (none)
     Type:  enhancement  |      Status:  closed
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Privacy      |     Version:
 Severity:  normal       |  Resolution:  fixed
 Keywords:               |     Focuses:  administration, privacy
-------------------------+--------------------------------------
Changes (by carike):

 * status:  new => closed
 * resolution:   => fixed


Old description:

> This ticket was split from #48486 to explore ways of adding extra Headers
> in order to provide a standard way to eventually create a `Disclosures
> and Permissions Tab` in both Core and Meta.
>
> Having a standardized set of headers will allow plugin authors to easily
> state their plugins' intentions, external resources, PII usage, and other
> privacy-related information.
>
> Reference with links to slack discussions can be found here:
> https://core.trac.wordpress.org/ticket/48486#comment:26
>
> As well as from today's core-privacy meeting:
> https://wordpress.slack.com/archives/C9695RJBW/p1579721408083300
>
> Also, an earlier idea similar to this was at #43750 (along with various
> slack chats that are hard to track at the moment), but we decided to
> start fresh and avoid further confusion from long chats and missing
> context.
>
> ----
>
> The scope of this ticket is to finalize the headers needed and to discuss
> the best way to support & read them for further usage.
>
> ----
>
> A plugin author should be able to declare these headers in the plugin's
> main PHP file.
>
> The following headers are being proposed:
>
> **Consent API**
> Declares compatibility with the Consent API.
> If not declared as TRUE / FALSE, it should default to NULL.
>
> **Disclosures Tab**
> Declares compatibility with the Disclosures and Permissions Tabs.
> If not declared as TRUE / FALSE, it should default to NULL.
>
> **External Network Calls PHP**
> Should accept a comma separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using PHP.
> Should default to NULL if the header is not declared.
>
> **External Network Calls JavaScript**
> Should accept a comma separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using JavaScript.
> Should default to NULL if the header is not declared.
>
> **External Network Calls CSS**
> Should accept a comma separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using CSS.
> Should default to NULL if the header is not declared.
>
> **SaaS**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Terms of Service** of any site
> that provides Software as a Service for the plugin.
> Should default to NULL if the header is not declared.
>
> **Calls to External APIs**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Terms of Service** that applies to
> each external API.
> Should default to NULL if the header is not declared.
>
> **Remote Assets**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Licence** that applies to the use
> of each remote asset.
> Should default to NULL if the header is not declared.
>
> **Sets Cookies PHP**
> If not declared as TRUE, it should default to NULL.
>
> **Sets Cookies JavaScript**
> If not declared as TRUE, it should default to NULL.
>
> **Writes to DB**
> If not declared as TRUE, it should default to NULL.
>
> **Creates Custom Post Type**
> If not declared as TRUE, it should default to NULL.
>
> **Creates Custom Table**
> If not declared as TRUE, it should default to NULL.
>
> **Stores PPI**
> If not declared as TRUE, it should default to NULL.
>
> **Supports PPI export**
> If not declared as TRUE, it should default to NULL.
>
> **Supports PPI erasure**
> If not declared as TRUE, it should default to NULL.
>
> **Sends e-mails**
> If not declared as TRUE, it should default to NULL.
>
> **Advertises in wp-admin**
> If not declared as TRUE, it should default to NULL.
>
> **Asks for Backlinks**
> If not declared as TRUE, it should default to NULL.
>
> **Code Audited by Third Party**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the third party's site that performed
> each independent review of the code.
> If not declared as TRUE, it should default to NULL.

New description:

 Update: This ticket has been closed in favour of #51092, to account for
 the recommendations in this ticket.
 Thank you to everyone who contributed.

 This ticket was split from #48486 to explore ways of adding extra Headers
 in order to provide a standard way to eventually create a `Disclosures and
 Permissions Tab` in both Core and Meta.

 Having a standardized set of headers will allow plugin authors to easily
 state their plugins' intentions, external resources, PII usage, and other
 privacy-related information.

 Reference with links to slack discussions can be found here:
 https://core.trac.wordpress.org/ticket/48486#comment:26

 As well as from today's core-privacy meeting:
 https://wordpress.slack.com/archives/C9695RJBW/p1579721408083300

 Also, an earlier idea similar to this was at #43750 (along with various
 slack chats that are hard to track at the moment), but we decided to start
 fresh and avoid further confusion from long chats and missing context.

 ----

 The scope of this ticket is to finalize the headers needed and to discuss
 the best way to support & read them for further usage.

 ----

 A plugin author should be able to declare these headers in the plugin's
 main PHP file.

 The following headers are being proposed:

 **Consent API**
 Declares compatibility with the Consent API.
 If not declared as TRUE / FALSE, it should default to NULL.

 **Disclosures Tab**
 Declares compatibility with the Disclosures and Permissions Tabs.
 If not declared as TRUE / FALSE, it should default to NULL.

 **External Network Calls PHP**
 Should accept a comma separated list of URLs.
 The plugin author should link to the **Privacy Policy** of any site that
 external network calls are being made to using PHP.
 Should default to NULL if the header is not declared.

 **External Network Calls JavaScript**
 Should accept a comma separated list of URLs.
 The plugin author should link to the **Privacy Policy** of any site that
 external network calls are being made to using JavaScript.
 Should default to NULL if the header is not declared.

 **External Network Calls CSS**
 Should accept a comma separated list of URLs.
 The plugin author should link to the **Privacy Policy** of any site that
 external network calls are being made to using CSS.
 Should default to NULL if the header is not declared.

 **SaaS**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Terms of Service** of any site that
 provides Software as a Service for the plugin.
 Should default to NULL if the header is not declared.

 **Calls to External APIs**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Terms of Service** that applies to
 each external API.
 Should default to NULL if the header is not declared.

 **Remote Assets**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Licence** that applies to the use
 of each remote asset.
 Should default to NULL if the header is not declared.

 **Sets Cookies PHP**
 If not declared as TRUE, it should default to NULL.

 **Sets Cookies JavaScript**
 If not declared as TRUE, it should default to NULL.

 **Writes to DB**
 If not declared as TRUE, it should default to NULL.

 **Creates Custom Post Type**
 If not declared as TRUE, it should default to NULL.

 **Creates Custom Table**
 If not declared as TRUE, it should default to NULL.

 **Stores PPI**
 If not declared as TRUE, it should default to NULL.

 **Supports PPI export**
 If not declared as TRUE, it should default to NULL.

 **Supports PPI erasure**
 If not declared as TRUE, it should default to NULL.

 **Sends e-mails**
 If not declared as TRUE, it should default to NULL.

 **Advertises in wp-admin**
 If not declared as TRUE, it should default to NULL.

 **Asks for Backlinks**
 If not declared as TRUE, it should default to NULL.

 **Code Audited by Third Party**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the third party's site that performed
 each independent review of the code.
 If not declared as TRUE, it should default to NULL.

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49272#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
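
The defaults proposed in the ticket above, worked through as an added example (not part of the ticket and not WordPress core code): a reader that returns TRUE / FALSE / NULL for the two compatibility headers, TRUE / NULL for the TRUE-only headers, and a URL list or NULL for the URL headers. The function names, the subset of headers covered, the http(s)-only rule for listed URLs and the sample plugin file are assumptions.

```php
<?php
// Added example, not WordPress core code. Header names are from the ticket;
// function names, parsing rules and the sample file are assumptions.
const TRISTATE  = ['Consent API', 'Disclosures Tab'];        // TRUE / FALSE / NULL
const TRUE_ONLY = ['Sets Cookies PHP', 'Stores PPI'];        // TRUE / NULL
const URL_LISTS = ['External Network Calls PHP', 'SaaS'];    // list of URLs / NULL

function parse_flag(?string $raw, bool $allowFalse): ?bool {
    $v = strtolower((string) $raw);
    if ($v === 'true') return true;
    return ($allowFalse && $v === 'false') ? false : null;   // anything else: NULL
}

// Keep only well-formed http(s) URLs: the values are meant to be shown as links.
function parse_url_list(?string $raw): ?array {
    if ($raw === null) return null;                          // header not declared
    $urls = [];
    foreach (explode(',', $raw) as $item) {
        $item   = trim($item);
        $scheme = strtolower((string) parse_url($item, PHP_URL_SCHEME));
        if (in_array($scheme, ['http', 'https'], true) && filter_var($item, FILTER_VALIDATE_URL)) {
            $urls[] = $item;
        }
    }
    return $urls;
}

function read_privacy_headers(string $source): array {
    $head = substr($source, 0, 8192);                        // headers sit at the top of the file
    $out  = [];
    foreach (array_merge(TRISTATE, TRUE_ONLY, URL_LISTS) as $name) {
        $re  = '/^[ \t\/*#@]*' . preg_quote($name, '/') . ':(.*)$/mi';
        // Strip a trailing comment close or PHP close tag from the captured value.
        $raw = preg_match($re, $head, $m) ? trim(preg_replace('/\s*(?:\*\/|\?>).*/', '', $m[1])) : null;
        $out[$name] = in_array($name, URL_LISTS, true)
            ? parse_url_list($raw)
            : parse_flag($raw, in_array($name, TRISTATE, true));
    }
    return $out;
}
$sample = <<<'SAMPLE'
<?php
/*
 * Plugin Name: Example Plugin (constructed sample)
 * Consent API: FALSE
 * Sets Cookies PHP: FALSE
 * External Network Calls PHP: https://example.com/privacy, javascript:void(0)
 */
SAMPLE;
var_dump(read_privacy_headers($sample));
```

In this sketch a declared header whose entries all fail validation yields an empty array rather than NULL, so a consumer can tell "declared but unusable" apart from "not declared".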

