[wp-trac] [WordPress Trac] #52384: WordPress API - Add Limit / Block API Access Features
WordPress Trac
noreply at wordpress.org
Wed Jan 27 15:53:27 UTC 2021
#52384: WordPress API - Add Limit / Block API Access Features
-----------------------------+------------------------------
Reporter: Darko A7 | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: REST API | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by tezalsec):
I agree.
Core could allow for configuration to whitelist variable elements in the
API endpoints:
- endpoint URL,
- optional URL token parameter,
- query URL parameters (also to limit requestable amount of data) and
- IP address.
Individually, or combined.
Something like this really should be in core. Like managing ports on a
server. Only open what is needed (under controlled conditions), and keep
the rest closed. Just allowing it all open with WP-json is bad for
security, privacy and resources.
It would be a nice way to allow for safe communication between self-managed
servers, or business-to-business data exchange.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/52384#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
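
An added example, not part of the ticket or of WordPress core: one way a site can approximate the allowlist described in the comment today, as a must-use plugin on the existing `rest_pre_dispatch` filter. The rule table, the `X-Api-Token` header, the `EXAMPLE_REST_TOKEN` constant (assumed to be defined in wp-config.php) and the IP address are constructed assumptions; the token is read from a header rather than the URL so it stays out of access logs.

```php
<?php
/**
 * Plugin Name: REST allowlist (constructed example, not WordPress core code)
 * Routes, IPs, caps, header name and EXAMPLE_REST_TOKEN are all assumptions.
 */
const EXAMPLE_REST_RULES = array(
	'/wp/v2/posts' => array(
		'ips'          => array( '203.0.113.10' ),     // documentation-range address
		'query'        => array( 'per_page', 'page' ), // permitted query parameters
		'max_per_page' => 10,                          // cap on requestable data
		'token'        => true,                        // shared token required
	),
);
add_filter( 'rest_pre_dispatch', 'example_rest_allowlist', 10, 3 );

function example_rest_allowlist( $result, $server, $request ) {
	// Authenticated users (editor, app passwords) keep normal REST behaviour.
	if ( null !== $result || is_user_logged_in() ) {
		return $result;
	}
	$deny = new WP_Error( 'rest_forbidden', 'Not allowed.', array( 'status' => 403 ) );

	// 1. Endpoint URL: anything not listed is closed.
	$route = untrailingslashit( $request->get_route() );
	if ( ! array_key_exists( $route, EXAMPLE_REST_RULES ) ) {
		return $deny;
	}
	$rule = EXAMPLE_REST_RULES[ $route ];

	// 2. IP address. REMOTE_ADDR is the direct peer; behind a reverse proxy
	// it is the proxy's address, so the rule must be adapted there.
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : '';
	if ( ! in_array( $ip, $rule['ips'], true ) ) {
		return $deny;
	}
	// 3. Token, compared in constant time; an unset token never matches.
	$expected = defined( 'EXAMPLE_REST_TOKEN' ) ? (string) EXAMPLE_REST_TOKEN : '';
	$given    = (string) $request->get_header( 'X-Api-Token' );
	if ( $rule['token'] && ( '' === $expected || ! hash_equals( $expected, $given ) ) ) {
		return $deny;
	}
	// 4. Query parameters. Assumes pretty permalinks (/wp-json/...); with
	// ?rest_route= that key would have to be added to the 'query' list.
	$extra = array_diff( array_keys( $request->get_query_params() ), $rule['query'] );
	if ( $extra || (int) $request->get_param( 'per_page' ) > $rule['max_per_page'] ) {
		return $deny;
	}
	return $result; // null: continue to normal dispatch.
}
```

Internal `rest_do_request()` calls pass through the same filter, so a theme or plugin that issues anonymous internal REST requests needs its routes in the rule table as well.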