[wp-trac] [WordPress Trac] #49272: Add support for new privacy headers in core
WordPress Trac
noreply at wordpress.org
Fri Aug 21 09:25:51 UTC 2020
#49272: Add support for new privacy headers in core
-------------------------+--------------------------------------
Reporter: carike | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version:
Severity: normal | Resolution: fixed
Keywords: | Focuses: administration, privacy
-------------------------+--------------------------------------
Changes (by carike):
* status: new => closed
* resolution: => fixed
Old description:
> This ticket was split from #48486 to explore ways of adding extra Headers
> in order to provide a standard way to eventually create a `Disclosures
> and Permissions Tab` in both Core and Meta.
>
> Having a standardized set of headers will allow plugin authors to easily
> state their plugins' intentions, external resources, PII usage, and other
> privacy-related information.
>
> Reference with links to slack discussions can be found here:
> https://core.trac.wordpress.org/ticket/48486#comment:26
>
> As well as from today's core-privacy meeting:
> https://wordpress.slack.com/archives/C9695RJBW/p1579721408083300
>
> Also, an earlier idea similar to this was at #43750 (along with various
> slack chats that are hard to track at the moment), but we decided to
> start fresh and avoid further confusion from long chats and missing
> context.
>
> ----
>
> The scope of this ticket is to finalize the headers needed and to discuss
> the best way to support & read them for further usage.
>
> ----
>
> A plugin author should be able to declare these headers in the plugin's
> main PHP file.
>
> The following headers are being proposed:
>
> **Consent API**
> Declares compatibility with the Consent API.
> If not declared as TRUE / FALSE, it should default to NULL.
>
> **Disclosures Tab**
> Declares compatibility with the Disclosures and Permissions Tabs.
> If not declared as TRUE / FALSE, it should default to NULL.
>
> **External Network Calls PHP**
> Should accept a comma separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using PHP.
> Should default to NULL if the header is not declared.
>
> **External Network Calls JavaScript**
> Should accept a comma separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using JavaScript.
> Should default to NULL if the header is not declared.
>
> **External Network Calls CSS**
> Should accept a comma separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using CSS.
> Should default to NULL if the header is not declared.
>
> **SaaS**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Terms of Service** of any site
> that provides Software as a Service for the plugin.
> Should default to NULL if the header is not declared.
>
> **Calls to External APIs**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Terms of Service** that applies to
> each external API.
> Should default to NULL if the header is not declared.
>
> **Remote Assets**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Licence** that applies to the use
> of each remote asset.
> Should default to NULL if the header is not declared.
>
> **Sets Cookies PHP**
> If not declared as TRUE, it should default to NULL.
>
> **Sets Cookies JavaScript**
> If not declared as TRUE, it should default to NULL.
>
> **Writes to DB**
> If not declared as TRUE, it should default to NULL.
>
> **Creates Custom Post Type**
> If not declared as TRUE, it should default to NULL.
>
> **Creates Custom Table**
> If not declared as TRUE, it should default to NULL.
>
> **Stores PPI**
> If not declared as TRUE, it should default to NULL.
>
> **Supports PPI export**
> If not declared as TRUE, it should default to NULL.
>
> **Supports PPI erasure**
> If not declared as TRUE, it should default to NULL.
>
> **Sends e-mails**
> If not declared as TRUE, it should default to NULL.
>
> **Advertises in wp-admin**
> If not declared as TRUE, it should default to NULL.
>
> **Asks for Backlinks**
> If not declared as TRUE, it should default to NULL.
>
> **Code Audited by Third Party**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the third party's site that performed
> each independent review of the code.
> If not declared as TRUE, it should default to NULL.
New description:
Update: This ticket has been closed in favour of #51092, to account for
the recommendations in this ticket.

Thank you to everyone who contributed.

This ticket was split from #48486 to explore ways of adding extra Headers
in order to provide a standard way to eventually create a `Disclosures and
Permissions Tab` in both Core and Meta.

Having a standardized set of headers will allow plugin authors to easily
state their plugins' intentions, external resources, PII usage, and other
privacy-related information.

Reference with links to slack discussions can be found here:
https://core.trac.wordpress.org/ticket/48486#comment:26

As well as from today's core-privacy meeting:
https://wordpress.slack.com/archives/C9695RJBW/p1579721408083300

Also, an earlier idea similar to this was at #43750 (along with various
slack chats that are hard to track at the moment), but we decided to start
fresh and avoid further confusion from long chats and missing context.

----

The scope of this ticket is to finalize the headers needed and to discuss
the best way to support & read them for further usage.

----

A plugin author should be able to declare these headers in the plugin's
main PHP file.

The following headers are being proposed:

**Consent API**
Declares compatibility with the Consent API.
If not declared as TRUE / FALSE, it should default to NULL.

**Disclosures Tab**
Declares compatibility with the Disclosures and Permissions Tabs.
If not declared as TRUE / FALSE, it should default to NULL.

**External Network Calls PHP**
Should accept a comma separated list of URLs.
The plugin author should link to the **Privacy Policy** of any site that
external network calls are being made to using PHP.
Should default to NULL if the header is not declared.

**External Network Calls JavaScript**
Should accept a comma separated list of URLs.
The plugin author should link to the **Privacy Policy** of any site that
external network calls are being made to using JavaScript.
Should default to NULL if the header is not declared.

**External Network Calls CSS**
Should accept a comma separated list of URLs.
The plugin author should link to the **Privacy Policy** of any site that
external network calls are being made to using CSS.
Should default to NULL if the header is not declared.

**SaaS**
Should accept a comma-separated list of URLs.
The plugin author should link to the **Terms of Service** of any site that
provides Software as a Service for the plugin.
Should default to NULL if the header is not declared.

**Calls to External APIs**
Should accept a comma-separated list of URLs.
The plugin author should link to the **Terms of Service** that applies to
each external API.
Should default to NULL if the header is not declared.

**Remote Assets**
Should accept a comma-separated list of URLs.
The plugin author should link to the **Licence** that applies to the use
of each remote asset.
Should default to NULL if the header is not declared.

**Sets Cookies PHP**
If not declared as TRUE, it should default to NULL.

**Sets Cookies JavaScript**
If not declared as TRUE, it should default to NULL.

**Writes to DB**
If not declared as TRUE, it should default to NULL.

**Creates Custom Post Type**
If not declared as TRUE, it should default to NULL.

**Creates Custom Table**
If not declared as TRUE, it should default to NULL.

**Stores PPI**
If not declared as TRUE, it should default to NULL.

**Supports PPI export**
If not declared as TRUE, it should default to NULL.

**Supports PPI erasure**
If not declared as TRUE, it should default to NULL.

**Sends e-mails**
If not declared as TRUE, it should default to NULL.

**Advertises in wp-admin**
If not declared as TRUE, it should default to NULL.

**Asks for Backlinks**
If not declared as TRUE, it should default to NULL.

**Code Audited by Third Party**
Should accept a comma-separated list of URLs.
The plugin author should link to the third party's site that performed
each independent review of the code.
If not declared as TRUE, it should default to NULL.

--
Ticket URL: <https://core.trac.wordpress.org/ticket/49272#comment:20>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
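
The header rules proposed in the ticket above (TRUE / FALSE flags, TRUE-only flags, and comma-separated URL lists, all defaulting to NULL) can be read as in the following added example, which is not part of the ticket or of WordPress core. It assumes the existing `Header Name: value` plugin comment syntax and covers a subset of the proposed headers; the function names, the http(s)-only URL check and the sample plugin header are hypothetical.

```php
<?php
// Added example. Header names are from the ticket; the "Name: value" comment
// syntax, function names and sample plugin header are assumptions, not core code.
const TRISTATE  = ['Consent API', 'Disclosures Tab'];                 // TRUE / FALSE, else NULL
const TRUE_ONLY = ['Sets Cookies PHP', 'Writes to DB', 'Stores PPI']; // TRUE, else NULL
const URL_LISTS = ['External Network Calls PHP', 'SaaS', 'Remote Assets'];

// Raw value of one header, or null when the header is not declared at all.
function read_header(string $src, string $name): ?string {
    $re = '/^[ \t\/*#@]*' . preg_quote($name, '/') . ':(.*)$/mi';
    return preg_match($re, $src, $m)
        ? trim(preg_replace('/\s*(?:\*\/|\?>).*/', '', $m[1]))
        : null;
}

// Keep only well-formed http(s) URLs so a disclosures tab never renders other schemes.
function parse_url_list(?string $raw): ?array {
    $urls = [];
    foreach (explode(',', (string) $raw) as $item) {
        $url = trim($item);
        $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
        if (filter_var($url, FILTER_VALIDATE_URL) !== false && in_array($scheme, ['http', 'https'], true)) {
            $urls[] = $url;
        }
    }
    return $urls ?: null; // nothing declared, or nothing usable: NULL
}

function parse_privacy_headers(string $src): array {
    $out = [];
    foreach (array_merge(TRISTATE, TRUE_ONLY) as $name) {
        $val = strtoupper((string) read_header($src, $name));
        // FALSE is only meaningful for the TRUE / FALSE headers; elsewhere it maps to NULL.
        $out[$name] = $val === 'TRUE' ? true
            : ($val === 'FALSE' && in_array($name, TRISTATE, true) ? false : null);
    }
    foreach (URL_LISTS as $name) {
        $out[$name] = parse_url_list(read_header($src, $name));
    }
    return $out;
}

// Constructed sample plugin header comment.
$plugin = <<<'SRC'
/**
 * Consent API: false
 * Sets Cookies PHP: FALSE
 * Stores PPI: true
 * External Network Calls PHP: https://example.com/privacy, javascript://x, not-a-url
 */
SRC;
var_export(parse_privacy_headers($plugin));
```

Headers are self-declared by the plugin author, so a consumer should treat NULL as "unknown" rather than as a statement that the plugin does not perform the behaviour.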