[wp-trac] [WordPress Trac] #49272: Add support for new privacy headers in core

WordPress Trac noreply at wordpress.org
Wed Jan 22 22:25:14 UTC 2020


#49272: Add support for new privacy headers in core
-------------------------+--------------------------------------
 Reporter:  carike       |       Owner:  (none)
     Type:  enhancement  |      Status:  new
 Priority:  normal       |   Milestone:  Awaiting Review
Component:  Privacy      |     Version:
 Severity:  normal       |  Resolution:
 Keywords:               |     Focuses:  administration, privacy
-------------------------+--------------------------------------
Description changed by xkon:

Old description:

> A plugin author should be able to declare these headers in the plugin's
> main PHP file.
>
> The following headers are being proposed:
>
> **Consent API**
> Declares compatibility with the Consent API.
> If not declared as TRUE / FALSE, it should default to NULL.
>
> **Disclosures Tab**
> Declares compatibility with the Disclosures and Permissions Tabs.
> If not declared as TRUE / FALSE, it should default to NULL.
>
> **External Network Calls PHP**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using PHP.
> Should default to NULL if the header is not declared.
>
> **External Network Calls JavaScript**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using JavaScript.
> Should default to NULL if the header is not declared.
>
> **External Network Calls CSS**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Privacy Policy** of any site that
> external network calls are being made to using CSS.
> Should default to NULL if the header is not declared.
>
> **SaaS**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Terms of Service** of any site
> that provides Software as a Service for the plugin.
> Should default to NULL if the header is not declared.
>
> **Calls to External APIs**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Terms of Service** that applies to
> each external API.
> Should default to NULL if the header is not declared.
>
> **Remote Assets**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the **Licence** that applies to the use
> of each remote asset.
> Should default to NULL if the header is not declared.
>
> **Sets Cookies PHP**
> If not declared as TRUE, it should default to NULL.
>
> **Sets Cookies JavaScript**
> If not declared as TRUE, it should default to NULL.
>
> **Writes to DB**
> If not declared as TRUE, it should default to NULL.
>
> **Creates Custom Post Type**
> If not declared as TRUE, it should default to NULL.
>
> **Creates Custom Table**
> If not declared as TRUE, it should default to NULL.
>
> **Stores PPI**
> If not declared as TRUE, it should default to NULL.
>
> **Supports PPI export**
> If not declared as TRUE, it should default to NULL.
>
> **Supports PPI erasure**
> If not declared as TRUE, it should default to NULL.
>
> **Sends e-mails**
> If not declared as TRUE, it should default to NULL.
>
> **Advertises in wp-admin**
> If not declared as TRUE, it should default to NULL.
>
> **Asks for Backlinks**
> If not declared as TRUE, it should default to NULL.
>
> **Code Audited by Third Party**
> Should accept a comma-separated list of URLs.
> The plugin author should link to the third party's site that performed
> each independent review of the code.
> If not declared as TRUE, it should default to NULL.

New description:

 This ticket was split from #48486 to explore ways of adding extra Headers
 in order to provide a standard way to eventually create a `Disclosures and
 Permissions Tab` in both Core and Meta.

 Having a standardized set of headers will allow plugin authors to easily
 state their plugins' intentions, external resources, PII usage, and other
 privacy-related information.

 Reference with links to Slack discussions can be found here:
 https://core.trac.wordpress.org/ticket/48486#comment:26

 As well as from today's core-privacy meeting:
 https://wordpress.slack.com/archives/C9695RJBW/p1579721408083300

 Also, an earlier idea similar to this was at #43750 (along with various
 Slack chats that are hard to track at the moment), but we decided to start
 fresh and avoid further confusion from long chats and missing context.

 ----

 The scope of this ticket is to finalize the headers needed and to discuss
 the best way to support & read them for further usage.

 ----

 A plugin author should be able to declare these headers in the plugin's
 main PHP file.

 The following headers are being proposed:

 **Consent API**
 Declares compatibility with the Consent API.
 If not declared as TRUE / FALSE, it should default to NULL.

 **Disclosures Tab**
 Declares compatibility with the Disclosures and Permissions Tabs.
 If not declared as TRUE / FALSE, it should default to NULL.

 **External Network Calls PHP**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Privacy Policy** of any site that
 external network calls are being made to using PHP.
 Should default to NULL if the header is not declared.

 **External Network Calls JavaScript**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Privacy Policy** of any site that
 external network calls are being made to using JavaScript.
 Should default to NULL if the header is not declared.

 **External Network Calls CSS**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Privacy Policy** of any site that
 external network calls are being made to using CSS.
 Should default to NULL if the header is not declared.

 **SaaS**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Terms of Service** of any site that
 provides Software as a Service for the plugin.
 Should default to NULL if the header is not declared.

 **Calls to External APIs**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Terms of Service** that applies to
 each external API.
 Should default to NULL if the header is not declared.

 **Remote Assets**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the **Licence** that applies to the use
 of each remote asset.
 Should default to NULL if the header is not declared.

 **Sets Cookies PHP**
 If not declared as TRUE, it should default to NULL.

 **Sets Cookies JavaScript**
 If not declared as TRUE, it should default to NULL.

 **Writes to DB**
 If not declared as TRUE, it should default to NULL.

 **Creates Custom Post Type**
 If not declared as TRUE, it should default to NULL.

 **Creates Custom Table**
 If not declared as TRUE, it should default to NULL.

 **Stores PPI**
 If not declared as TRUE, it should default to NULL.

 **Supports PPI export**
 If not declared as TRUE, it should default to NULL.

 **Supports PPI erasure**
 If not declared as TRUE, it should default to NULL.

 **Sends e-mails**
 If not declared as TRUE, it should default to NULL.

 **Advertises in wp-admin**
 If not declared as TRUE, it should default to NULL.

 **Asks for Backlinks**
 If not declared as TRUE, it should default to NULL.

 **Code Audited by Third Party**
 Should accept a comma-separated list of URLs.
 The plugin author should link to the third party's site that performed
 each independent review of the code.
 If not declared as TRUE, it should default to NULL.

--

-- 
Ticket URL: <https://core.trac.wordpress.org/ticket/49272#comment:4>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
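
One way the proposed headers could be read with the defaults described in the ticket, as an added example that is not WordPress core code and not from the ticket's authors. The header names are taken from the ticket; the function names, the strict TRUE / FALSE matching, and the rule that only http(s) URLs are kept are assumptions.

```php
<?php
// Added example. Header names are from the ticket; the parsing rules are assumptions.
const PRIVACY_HEADERS = [
    'Consent API'                => 'tristate',  // TRUE / FALSE, otherwise NULL
    'Sets Cookies PHP'           => 'true_only', // TRUE, otherwise NULL
    'External Network Calls PHP' => 'urls',      // comma-separated list of URLs
    'SaaS'                       => 'urls',
];

// Keep only well-formed http(s) URLs (assumption: values are later rendered as links).
function privacy_url_list(string $raw): array
{
    return array_values(array_filter(array_map('trim', explode(',', $raw)), function ($u) {
        $scheme = strtolower((string) parse_url($u, PHP_URL_SCHEME));
        return filter_var($u, FILTER_VALIDATE_URL) && in_array($scheme, ['http', 'https'], true);
    }));
}

// Undeclared or unrecognised values stay NULL ("unknown"); they never become FALSE.
function parse_privacy_headers(string $source): array
{
    $head = substr($source, 0, 8192); // only scan the top of the plugin file
    $out  = [];
    foreach (PRIVACY_HEADERS as $name => $type) {
        $out[$name] = null;
        if (!preg_match('/^[ \t\/*#@]*' . preg_quote($name, '/') . ':(.*)$/mi', $head, $m)) {
            continue;
        }
        // Strip a trailing comment terminator or closing PHP tag from the value.
        $raw = trim(preg_replace('/\s*(?:\*\/|\?>).*/', '', $m[1]));
        $val = strtolower($raw);
        if ($type === 'urls') {
            $out[$name] = privacy_url_list($raw);
        } elseif ($val === 'true' || ($val === 'false' && $type === 'tristate')) {
            $out[$name] = ($val === 'true');
        }
    }
    return $out;
}

// Constructed sample header block, not taken from a real plugin.
$sample = <<<'SAMPLE'
/**
 * Plugin Name: Example Plugin (constructed sample)
 * Consent API: TRUE
 * Sets Cookies PHP: yes
 * External Network Calls PHP: https://api.example.com/privacy, ftp://files.example.org/policy, not a url
 */
SAMPLE;
var_export(parse_privacy_headers($sample));
```

Keeping NULL distinct from FALSE matters for anything that consumes these values: a plugin that declares nothing is "unknown", not "does not set cookies".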