Opt-out from re-registration of private APIs. #4121
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Gutenberg introduced a system of sharing private APIs in WordPress/gutenberg#46131. One of the safeguards is a check preventing the same module from opting-in twice so that contributors cannot easily gain access by pretending to be a core module. That safeguard is only meant for WordPress core and not for the released `@wordpress` packages. However, right now it is opt-out and must be explicitly disabled by developers wanting to install the `@wordpress` packages. Let's make it opt-out instead. This commit opts-out from that check in WordPress core by setting the ALLOW_EXPERIMENT_REREGISTRATION to false. Once it's merged, the Gutenberg plugin should be adjusted to use `true` as the default value.
This reverts commit 8761517.
adamziel
added a commit
to WordPress/gutenberg
that referenced
this pull request
Feb 23, 2023
…opt-out Gutenberg introduced a system of sharing private APIs in #46131. One of the safeguards is a check preventing the same module from opting-in twice so that contributors cannot easily gain access by pretending to be a core module. That safeguard is only meant for WordPress core and not for the released @WordPress packages. However, right now it is opt-out and must be explicitly disabled by developers wanting to install the @WordPress packages. Let's make it opt-out instead. This commit makes the check opt-in rather than opt-out. Its counterpart in the wordpress-develop repo makes WordPress explicitly set the ALLOW_EXPERIMENT_REREGISTRATION to false: WordPress/wordpress-develop#4121
gziolo
approved these changes
Feb 28, 2023
adamziel
added a commit
to WordPress/gutenberg
that referenced
this pull request
Feb 28, 2023
…opt-out via IS_WORDPRESS_CORE (#48352) Gutenberg introduced a system of sharing private APIs in #46131. One of the safeguards is a check preventing the same module from opting-in twice so that contributors cannot easily gain access by pretending to be a core module. That safeguard is only meant for WordPress core and not for the released @WordPress packages. However, right now it is opt-out and must be explicitly disabled by developers wanting to install the @WordPress packages. Let's make it opt-out instead. In other words: * If we’re in WP core – prevent opting-in to private API with the same package name twice * If we’re not in WP core – don’t prevent it Or: * Before this commit, double opt-in safeguard is enabled by default * After this commit, double opt-in safeguard is disabled by default AND WordPress core [explicitly enables it](WordPress/wordpress-develop#4121) The corresponding PR in `wordpress-develop` repo makes WordPress explicitly set the `IS_WORDPRESS_CORE` to true: WordPress/wordpress-develop#4121
|
@hellofromtonya @peterwilsoncc let me know if you think this is suitable for merging, and if yes then I could make it my first commit. |
|
@adamziel I marked the ticket for commit and assigned the commit to you. Go ahead with your first commit 🎉 |
peterwilsoncc
approved these changes
Mar 1, 2023
|
Committed in https://core.trac.wordpress.org/changeset/55512/trunk – thank you everyone! 🎉 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Gutenberg introduced a system of sharing private APIs in
WordPress/gutenberg#46131. One of the
safeguards is a check preventing the same module from opting-in
twice so that contributors cannot easily gain access by pretending
to be a core module.
That safeguard is only meant for WordPress core and not for
the released
@wordpresspackages. However, right now it isopt-out and must be explicitly disabled by developers wanting to
install the
@wordpresspackages. Let's make it opt-out instead.This commit opts-out from that check in WordPress core by setting
the
IS_WORDPRESS_COREtotrue. Once it's merged,the Gutenberg plugin should be adjusted to use
falseas thedefault value.
In other words:
Test plan:
Merging this PR will have no immediate effect:
wordpress-developrepo.I recommend:
This way, the check will be enabled by default in 6.2 and enabled explicitly in 6.3.
Trac ticket: https://core.trac.wordpress.org/ticket/57795