Opened 5 weeks ago

Last modified 5 weeks ago

#48043 new feature request

Rest API's privacy should be adjustable or private by default

Reported by: katsar0v
Owned by:
Milestone: Awaiting Review
Priority: normal
Severity: normal
Version:
Component: REST API
Keywords:
Focuses: privacy
Cc:
PR Number:

Description

One issue of the REST API WordPress provides is the not-so-flexible privacy. After installation with the default theme and after enabling pretty permalinks, all REST API endpoints are visible - /wp-json. The users are visible, and the media files and the endpoints of other plugins (which is a potential security issue) are also visible.

The REST API should be adjustable in terms of privacy. Currently the issue is only gone after installing the plugin... or writing the plugin/functions yourself. Gutenberg uses the REST API, so it makes sense to make the REST endpoint for Gutenberg available for the user with the correct rights, but why expose all other endpoints?
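
One way to write the "plugin/functions yourself" mentioned in the description, as an added example that is not part of the ticket and not WordPress core code: it uses the core `rest_authentication_errors` filter to answer anonymous REST requests with a 401 unless the route is allowlisted. The `example_*` names, the error code and the `/oembed/1.0` allowlist entry are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Private REST API by default (added example)
 *
 * Anonymous REST requests get a 401 unless the route is allowlisted.
 * Logged-in users (for example the block editor) are unaffected.
 */

// Assumption: route prefixes this site wants to keep public (constructed value).
function example_public_rest_prefixes() {
	return apply_filters( 'example_public_rest_prefixes', array( '/oembed/1.0' ) );
}

// True when $route equals an allowlisted prefix or sits below it.
function example_rest_route_is_public( $route, array $prefixes ) {
	$route = '/' . trim( (string) $route, '/' );
	foreach ( $prefixes as $prefix ) {
		$prefix = '/' . trim( $prefix, '/' );
		// Compare on a path boundary so "/oembed/1.0" does not match "/oembed/1.0x".
		if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
			return true;
		}
	}
	return false;
}

add_filter( 'rest_authentication_errors', function ( $result ) {
	// Keep a decision another authentication handler already made.
	if ( true === $result || is_wp_error( $result ) ) {
		return $result;
	}
	if ( is_user_logged_in() ) {
		return $result;
	}
	// Route of the current HTTP request, parsed from /wp-json/... or ?rest_route=.
	$route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
		? $GLOBALS['wp']->query_vars['rest_route']
		: '/';
	if ( example_rest_route_is_public( $route, example_public_rest_prefixes() ) ) {
		return $result;
	}
	return new WP_Error(
		'rest_login_required',
		'Authentication is required to use the REST API on this site.',
		array( 'status' => 401 )
	);
} );
```

With this active, an anonymous request to `/wp-json/` or `/wp-json/wp/v2/users` returns 401, while plugins that need a public route can add their prefix through the hypothetical `example_public_rest_prefixes` filter.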

Change History (1)

#1 @SergeyBiryukov
5 weeks ago

  • Focuses privacy added