Opened 5 years ago
Closed 5 years ago
#48043 closed feature request (duplicate)
Rest API's privacy should be adjustable or private by default
| Reported by: | katsar0v | Owned by: | |
|---|---|---|---|
| Milestone: | | Priority: | normal |
| Severity: | normal | Version: | |
| Component: | REST API | Keywords: | |
| Focuses: | privacy | Cc: | |
Description
One issue with the REST API WordPress provides is its not-so-flexible privacy. After installation with the default theme and after enabling pretty permalinks, all REST API endpoints are visible - /wp-json. The users are visible, and the media files and the endpoints of other plugins (which is a potential security issue) are also visible.
The REST API should be adjustable in terms of privacy. Currently the issue is only gone after installing the plugin... or writing the plugin/functions yourself. Gutenberg uses the REST API, so it makes sense to make the REST endpoint for Gutenberg available for the user with the correct rights, but why expose all other endpoints?
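An added example, not part of the ticket or of WordPress core: one way to write the "plugin/functions yourself" that the description mentions, using the `rest_authentication_errors` filter so that anonymous requests to `/wp-json` are refused while logged-in users (including the block editor) keep working. The plugin name, the error code and the `$public_prefixes` allowlist are assumptions made for illustration.

```php
<?php
/**
 * Plugin Name: REST API login gate (added example)
 */

add_filter( 'rest_authentication_errors', function ( $result ) {
	// Keep a decision already made by an earlier authentication handler.
	if ( true === $result || is_wp_error( $result ) ) {
		return $result;
	}

	// Authenticated users pass through; each endpoint's own permission
	// callback still decides what they may read or change.
	if ( is_user_logged_in() ) {
		return $result;
	}

	// Hypothetical allowlist of route prefixes that stay public. Empty means
	// every route, including the /wp-json index, requires authentication.
	$public_prefixes = array(
		// '/example-plugin/v1/public', // constructed placeholder
	);

	// Route of the current request as parsed by WordPress, e.g. "/wp/v2/users".
	$route = isset( $GLOBALS['wp']->query_vars['rest_route'] )
		? '/' . trim( (string) $GLOBALS['wp']->query_vars['rest_route'], '/' )
		: '/';

	foreach ( $public_prefixes as $prefix ) {
		if ( $route === $prefix || 0 === strpos( $route, $prefix . '/' ) ) {
			return $result;
		}
	}

	// Anonymous request to a non-public route: refuse before dispatch.
	return new WP_Error(
		'rest_login_required',
		'Authentication is required to access the REST API.',
		array( 'status' => 401 )
	);
} );
```

Front-end features that call the REST API anonymously (for example a public search or contact-form endpoint) stop working under this gate unless their routes are added to the allowlist.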
Change History (2)
Duplicate of #49110.
Going to close as dupe of a newer ticket because it has more details.