| ▲ | thedevilslawyer a day ago |
| Frankly, you're wrong. This is a fundamentally better plugin architecture that WP, and if you can't see it, then it's your understanding of security that's not right. |
|
| ▲ | Yokohiii a day ago | parent [-] |
| If you have arguments, then make them. This is just saying stuff for the sake of it. |
| |
| ▲ | thedevilslawyer a day ago | parent [-] | | The post literally does that. it talks about how plugin access to core is handled. So to be explicit: if you don't see that as a very significant security improvement over WP's open world, then it may help to understand why. The post also talks about WP ecosystem downside due to this. | | |
| ▲ | Yokohiii a day ago | parent [-] | | | "network:fetch" // ctx.http is available (host-restricted via allowedHosts)
| "network:fetch:any" // ctx.http is available (unrestricted outbound — use for user-configured URLs)
| "read:content" // ctx.content.get/list available
| "write:content" // ctx.content.create/update/delete available
| "read:media" // ctx.media.get/list available
| "write:media" // ctx.media.getUploadUrl/delete available
| "read:users" // ctx.users is available
| "email:send" // ctx.email is available (when a provider is configured)
| "email:provide" // can register email:deliver exclusive hook (transport provider)
| "email:intercept" // can register email:beforeSend / email:afterSend hooks
| "page:inject"; // can register page:fragments hook (inject scripts/styles into pages)
That are the plugin capabilities. I have no clue how it could replace any serious WP plugin. Of course it's secure ;) |
|
|
