Still call to API

  • Resolved Pieter Bos

    (@senlin)


    7 years, 11 months ago

    With the plugin activated I still see the following line in the <head> section of the site:

    <link rel="https://api.w.org/" href="https://domain.com/wp-json/">

    Shouldn’t that call be eliminated too with the plugin activated?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Dave McHale

    (@dmchale)

    That was actually a design decision for WordPress 4.7+. Now that the REST API is part of core with content endpoints, I didn’t feel that “hiding” the API was appropriate anymore. With the rest_enabled filter now deprecated, this plugin forcibly throws an authentication error for ALL endpoints if the user is not logged into WordPress (even if they are supposed to be public endpoints). If you actually browse to https://domain.com/wp-json/ on your domain while not logged in, do you see a valid response filled with site data or do you receive an auth error? You SHOULD see the auth error.

    You’re not the first person to ask about this change, though, and I’m open to more feedback. Do you feel that headers related to the API should still be removed by default? Perhaps if the plugin had a settings page where you could choose to hide the headers again? Something different?

    Thread Starter Pieter Bos

    (@senlin)

    Hi Dale,
    Many thanks for your reply and explanation.
    Yes, the plugin works and when not logged in I see the auth error message.

    I was just thinking in terms of page optimisation and speed, every call outside that can be saved is a small “win”. And I think it is safe to assume that people that install your plugin want to disable to whole REST API lot. For me that includes the outgoing link, but that might not be for all…

    With a settings page this indeed could be made easier for everyone, wouldn’t know another way to contact the users to ask them ??

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Still call to API’ is closed to new replies.