WP-API / wp-api-site-endpoints

Legacy experimental plugin for Site Endpoints. Not maintained.
28 stars 8 forks source link

Expose private site properties to authenticated users only #5

Open frankiejarrett opened 8 years ago

frankiejarrett commented 8 years ago

Unlike published content, options can be security-sensitive and should not be exposed to everyone.

So while we were combing through options recently, we discussed each one and determined whether or not we felt it should be public or private.

danielbachhuber commented 8 years ago

Generally, a good rule of thumb as to whether an option should be public or private is whether it's already publicly exposed (e.g. indirect UI, body class added, etc.). If it's not exposed as a variable on the frontend, then it should remain private.

frankiejarrett commented 8 years ago

@danielbachhuber :+1: good rule