[wp-trac] [WordPress Trac] #49110: Add ability to lock/restrict public REST API access from WP Admin
WordPress Trac
noreply at wordpress.org
Thu Jan 2 22:07:45 UTC 2020
#49110: Add ability to lock/restrict public REST API access from WP Admin
-------------------------+------------------------------------------------
Reporter: apedog | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: REST API | Version:
Severity: normal | Resolution: worksforme
Keywords: close | Focuses: administration, rest-api, privacy
-------------------------+------------------------------------------------
Changes (by azaozz):
* status: new => closed
* resolution: => worksforme
* milestone: Awaiting Review =>
Comment:
Completely agree with @TimothyBlynJacobs, @xkon, and @jorbin that a
user-facing option to "lock/restrict the public REST API" is not a good idea.
As pointed out above it will not only allow users to "break their sites".
It also "pushes" the users into having to make a decision about concepts
and features that most people are not aware of. Leaving such choices in
the hands of the web developers, like theme/plugin authors, is the proper
solution.

If there are cases of private or restricted data available through the
REST API for non logged-in users, they should be treated as bugs and fixed
in specific tickets for each specific case. Similarly, if a theme or a
plugin restricts what data is accessible for non logged-in users, the
theme/plugin should also ensure that access to that data is restricted
through RSS and REST.

@apedog I understand your concerns but a user-facing option in wp-admin
doesn't seem to be the best solution :) REST is just another way to access
a WordPress powered site, similarly to many other web sites that are not
powered by WordPress. If a website owner or a website "builder/developer"
wants to restrict some of the public data available by default to non
logged-in users, best would be to install a "proper" plugin, or develop
one if their needs are not met by any existing plugin.

Closing this as "worksforme" since it is the intended behaviour. Please
open specific tickets if there are cases where (private or restricted)
data is not available by default through the "front-end", but is available
through the REST API for non logged-in users.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/49110#comment:13>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
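
A sketch of the kind of site-specific plugin the comment above refers to, added here as an example; it is not code from the ticket, from WordPress core, or from any existing plugin. The plugin name, the function name, the constant and the allowlisted route prefix are hypothetical and must be adapted to what a given site's theme and plugins actually call anonymously.

```php
<?php
/**
 * Plugin Name: Example: require login for REST API routes
 * Description: Added example. Rejects REST requests from non logged-in
 *              users except for an explicit allowlist of route prefixes.
 */

defined( 'ABSPATH' ) || exit;

// Hypothetical allowlist: route prefixes that stay public on this site.
// Front-end features that call the REST API anonymously (embeds, forms,
// shop carts) stop working unless their routes are listed here.
const EXAMPLE_PUBLIC_REST_PREFIXES = array( '/oembed/1.0' );

add_filter( 'rest_pre_dispatch', 'example_restrict_anonymous_rest', 10, 3 );

/**
 * Runs before a REST request is dispatched to its route handler.
 * Authentication has already been evaluated by the REST server here.
 */
function example_restrict_anonymous_rest( $result, $server, $request ) {
	// Another filter already produced a response or an error: keep it.
	if ( null !== $result ) {
		return $result;
	}

	// Logged-in users (cookie + nonce, application auth) pass through
	// and remain subject to each route's own permission checks.
	if ( is_user_logged_in() ) {
		return $result;
	}

	$route = $request->get_route();
	foreach ( EXAMPLE_PUBLIC_REST_PREFIXES as $prefix ) {
		// Match the prefix itself or anything below it, not lookalikes.
		if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
			return $result;
		}
	}

	// Everything else is refused for anonymous callers (HTTP 401).
	return new WP_Error(
		'rest_login_required',
		__( 'Authentication is required for this REST API route.' ),
		array( 'status' => rest_authorization_required_code() )
	);
}
```

This only closes the REST path; as the comment notes, data restricted this way also has to be restricted through RSS and the front-end by whatever theme or plugin owns it.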