Opened 4 months ago

Closed 3 weeks ago

#48043 closed feature request (duplicate)

Rest API's privacy should be adjustable or private by default

Reported by: katsar0v
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: REST API
Keywords:
Focuses: privacy
Cc:
PR Number:

Description

One issue of the REST API WordPress provides is the not so flexible privacy. After installation with the default theme and after enabling pretty permalinks, all REST API endpoints are visible - /wp-json. The users are visible, the media files and the endpoints of other plugins (which is a potential security issue) are also visible.

The REST API should be adjustable in terms of privacy. Currently the issue is only gone after installing the plugin... or writing the plugin/functions yourself. Gutenberg uses the REST API, so it makes sense to make the REST endpoint for Gutenberg available for the user with the correct rights, but why expose all other endpoints?
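
The "writing the plugin/functions yourself" route mentioned in the description could look like the following small plugin. It is an added example, not code from the ticket or from WordPress core. The `example_public_rest_prefixes` filter name and the empty default allowlist are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: Require login for REST API (added example)
 */

add_filter( 'rest_authentication_errors', function ( $result ) {
	// Respect a decision already made by another authentication handler.
	if ( true === $result || is_wp_error( $result ) ) {
		return $result;
	}

	// Logged-in users (e.g. in the block editor) keep access; each route's
	// own permission_callback still decides what they may do.
	if ( is_user_logged_in() ) {
		return $result;
	}

	// Hypothetical filter: route prefixes that stay public, e.g. '/oembed/1.0'.
	$public = apply_filters( 'example_public_rest_prefixes', array() );

	// Route requested via /wp-json/... or ?rest_route=...
	$route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
		? (string) $GLOBALS['wp']->query_vars['rest_route']
		: '';
	$route = '/' . ltrim( $route, '/' );

	foreach ( (array) $public as $prefix ) {
		$prefix = '/' . trim( (string) $prefix, '/' );
		// Match the prefix itself or anything below it, not look-alike names.
		if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
			return $result;
		}
	}

	// Anonymous request to a non-allowlisted route: refuse before dispatch.
	return new WP_Error(
		'rest_not_logged_in',
		'Authentication is required to use the REST API.',
		array( 'status' => rest_authorization_required_code() )
	);
} );
```

Plugins or themes that depend on anonymous REST access stop working for logged-out visitors until their route prefix is added to the allowlist.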

Change History (2)

#1 @SergeyBiryukov
4 months ago

  • Focuses privacy added

#2 @TimothyBlynJacobs
3 weeks ago

  • Milestone Awaiting Review deleted
  • Resolution set to duplicate
  • Status changed from new to closed

Duplicate of #49110.

Going to close as dupe of a newer ticket because it has more details.