Disabling REST API breaks error reporting

  • Resolved aCstudent

    (@acstudent)


    6 years, 5 months ago

    I test drove the plugin and love it – thank you for doing this, Dylan. Unfortunately I have REST API disabled so error reporting doesn’t work once I start enforcing the rules. I gotta choose between REST API security risks and no-CSP security risks, and I’m leaning no-CSP. Any chance a future version could do error reporting some other way that does not use REST API? Again, great plugin – you are awesome for creating it and making available for free.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Dylan

    (@dyland)

    The plugin used AJAX in the first iterations but with the REST API becoming part of the core it seemed to make sense to switch. You could switch to use a third party logging service such as https://report-uri.com/ though that would still leave the admin system needing REST.

    Thread Starter aCstudent

    (@acstudent)

    Thank you Dylan. Again, I love the plugin. It is awesome, and you are awesome for creating it and making it available. Just … I won’t be using it. From a security perspective I am more concerned about REST API than I am enamored with CSP. That may change in the future and if so I will certainly circle back.

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Disabling REST API breaks error reporting’ is closed to new replies.

Tags