Remove specific endpoints from wordpress json api - wordpress-rest-api

I'd like to try to use wordpress as backend only solution. I'd like to use wordpress json api. So I looked at what it offers. It's quite complete, but I want to remove some functionality.
For example There's this route :
"\/wp\/v2\/posts\/(?P<id>[\\d]+)"
I'd like to limit it to GET. I'd like to completely remove some endpoints (like users/* or settings) and remove some methods inside endpoints.
I stumbled upon this https://github.com/WP-API/WP-API/issues/2338. I understand how it works, but I don't get where I can use this code, do I have to make a plugin of my own for that ? Also they don't talk about limiting methods, only endpoints, everything or just the post api.
well, I want it to become more of a public json api. How can I do that ?

I didnt think about using .htaccess, it was then trivial.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^wp-json/wp/v2/users.*$ - [R=404]
RewriteRule ^wp-json/wp/v2/settings.*$ - [R=404]
RewriteRule ^wp-json/wp/v2/statuses.*$ - [R=404]
RewriteRule ^wp-json/wp/v2/comments.*$ - [R=404]
RewriteCond %{REQUEST_METHOD} !GET
RewriteRule ^wp-json/.*$ - [R=404]
</IfModule>
Allows me to prevent from getting users, settings, statuses and comments at all, the two last lines prevents from using anything but GET.

Related

Redirect-Rules in SAP-Commerce (.htaccess to SAP-equivalent)

I'm trying to set up redirect-rules in SAP Commerce, but I'm kind of struggling to get this going:
In my past, I always had a .htaccess file with content like this:
RewriteCond %{HTTP_HOST} ^example\.de$ [NC,OR]
RewriteCond %{HTTP_HOST} ^www.example\.de$ [NC,OR]
RewriteRule ^(.*)$ https://www.my-new-example.de/$1 [L,R=301]
But this seems to be invalid for SAP-Commerce. I followed this very short example here. It seems like I'm supposed to use Redirect and RedirectMatch, which I'm not familiar with. Is this simply another way to write it? Is the rewrite-equivalent simply apache-specific?
Anyway, I'm still not getting the desired result, as if the the redirects aren't loaded.
My current file looks like this:
Redirect "^example\.de$"
RedirectMatch "https://www.my-new-example.de/$1"
and I even tried to cut it down to the very basics:
Redirect "https://example.com$"
RedirectMatch "https://new-example.com/$1"
My desired output or behaviour would be, that if a user navigates to:
https://example.com/some/params?id=10
ends up on
https://my-new-example.com/some/params?id=10

301 redirect adding param to URL after rewriting URL with mod_rewrite

I am rewriting my URLs like this:
RewriteRule ^/?page/([a-z0-9\-]*)/ /page.php?url=$1 [L]
Now I changed an URL and want to redirect it with 301:
Redirect 301 /page/example-old/ /page/example-new/
The problem: It adds the URL param. Result is:
/page/example-new/?url=example-new
What am I doing wrong? I want the redirect without the added URL param.
If you are using mod_rewrite already, it is usually best to implement redirecws with mod_rewrite as well:
RewriteRule ^/?page/example-old/ /page/example-new/ [R=301,L]
RewriteRule ^/?page/([a-z0-9\-]*)/ /page.php?url=$1 [L]
That way the first rule prevents the second rule from running because the first rule uses the L (last) flag.

What is fbclid? the new facebook parameter [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 3 years ago.
Improve this question
For two days, I have noticed that the URL that I publish on Facebook, there is a parameter is added:
?fbclid=uFCrBkUgEvKg...
To be more precise something like: http://example.com?fbclid=uFCrBkUgEvKg...
Does anyone know what this parameter does?
What is it for and what is the use of the developers?
Thanks for your comments.
I know that gclid, is short for (Google Click Identifier)
It's a unique tracking parameter that Google uses to transfer information between your Google Ads account and your Google Analytics account.
Facebook must be doing the same thing or something similar with fbclid to improve tracking analytics systems.
This helped me: https://greasyfork.org/en/forum/discussion/44083/fbclid-tracking-parameter-attached-by-facebook
Here is cite from the link:
Put this code in your .htaccess file:
RewriteCond %{QUERY_STRING} "fbclid=" [NC]
RewriteRule (.*) /$1? [R=301,L]
If you work in WordPress:
RewriteEngine On
RewriteBase /
RewriteCond %{QUERY_STRING} "fbclid=" [NC]
RewriteRule (.*) /$1? [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
As I understand it, the parameter is a means of tracking the site visitor so that if your site includes advertising from Facebook, they can customise it to match the recorded browsing habits of the visitor.
The Apache mod_rewrite solution above is problematic because it strips the entire query string. If the URL already had a query string, this will break it. To strip just the fbclid parameter, it's useful to note that Facebook always appends it to a URL, so it's always last. That simplies the mod_rewrite code a little. This is what I do:
# Strip Facebook spyware tokens
RewriteCond %{REQUEST_METHOD} =GET [NC,OR]
RewriteCond %{REQUEST_METHOD} =HEAD [NC]
RewriteCond %{QUERY_STRING} ^(.*)&?fbclid=[^&]+$ [NC]
RewriteRule ^/?(.*)$ /$1?%1 [NE,L,R=301,E=limitcache:1]
Header always set Cache-Control "max-age=604800" env=limitcache
The E=limitcache:1 flag and Header directive is to limit how long the 301 redirect is cached. By default many browsers cache it literally forever. This reduces that to one week (or 604,800 seconds). I may be in a minority in thinking this, but that seems good practice to me. I don't know how long fbclid tokens persist, but if they're long-lasting, it means Facebook will be directing visitors to the same URLs for a long time, and if you ever want to support Facebook's targeted adverts, or if they start using the fbclid for other functionality that you need, you may find these permanently-cached redirects come back to bite. But if you're willing to risk it, you can delete both the Header directive and the E=limitcache:1 flag.
The two tests of %{REQUEST_METHOD} are to prevent Apache from redirecting POST requests (or more esoteric requests like PUT or DELETE, if they're relevant). Most browsers change the request to be a GET requests on a 301 or 302 redirect, which is explicitly allowed by RFC 7231. There is a new 308 redirect code must not have its method rewritten, but unfortunately it's not supported by Internet Explorer on Windows 7 (and probably never will be).
Another approach, how to remove this parameter (so your users can share your URL without removing it manually) is to use JavaScript and history.replaceState.
All credits go to original author - https://www.michalspacek.cz/zmena-url-a-skryvani-fbclid-pomoci-javascriptu
Code from link:
(function() {
var param = 'fbclid';
if (location.search.indexOf(param + '=') !== -1) {
var replace = '';
try {
var url = new URL(location);
url.searchParams.delete(param);
replace = url.href;
} catch (ex) {
var regExp = new RegExp('[?&]' + param + '=.*$');
replace = location.search.replace(regExp, '');
replace = location.pathname + replace + location.hash;
}
history.replaceState(null, '', replace);
}
})();

Helicon ISAPI_Rewrite 301 redirect certain files from one folder to another

We moved our sites one folder to another folder. Some services we had to keep on old location still. So we had to keep old the folder.
We had this on our helicon ISAPI .htaccess file on root of FolderA
RewriteRule ^(\w+)\/(\w+)\/(\w+)\/t_(\d+)\/ /folderA/top.aspx?id=$4&linkki=$0
How do we make 301 redirect to new location (folderB)? I know we could make this.
RewriteRule ^(\w+)\/(\w+)\/(\w+)\/t_(\d+)\/ /folderB/top.aspx?id=$4&linkki=$0
But it is not the same as doing 301 redirect to user (and for search engines).
To redirect the folderA to the folderB, you want to redirect as in your comment in the other answer.
This will redirect /folderA/blabla/blalba/bla/t_2345 to /folderB/blabla/blalba/bla/t_2345
RewriteRule ^/folderA\/(\w+)\/(\w+)/(\w+)\/t_(\d+)$ /folderB/$1/$2/$3/t_$4 [NC,R=301,L]
If the number of folders changes, but they all end in t_digits, you could look for anything between the folderA and the t_digits. e.g., this will redirect /folderA/abcdef/t_1234 to /folderB/abcdef/t_1234
RewriteRule ^/folderA\/(.+)\/t_(\d+)$ /folderB/$1/t_$2 [NC,R=301,L]
You may have to adjust whether to keep the leading slash, depending on how things are configured. Also, your question has a trailing slash, but the comment examples don't, so add or remove a trailing slash depending what you really need.
EDIT:
A side note about the permanent redirect. While debugging this, use [NC,R,L] without the 301. When the redirect is permanent (301), the browser often caches a previous rule. When done testing, change it to permanent. See number 2 and 3 in this answer: https://stackoverflow.com/a/9204355/292060
To make it valid 301 redirect just add the following flag at the end of the rule:
RewriteRule ^(\w+)/(\w+)/(\w+)/t_(\d+)/?$ /folderB/top.aspx?id=$4&linkki=$0 [NC,R=301,L]

in htaccess redirect url following a rule

enter code herei have developed a facebook application for example on apps.facebook.com/myappname/, it's a web application hosts on myappname.mydomain.com.
in facebook applications just the url base is different, the second part url is the same, for example:
myappname.mydomain.com/home
apps.facebook.com/myappname/home
myappname.mydomain.com/product
apps.facebook.com/myappname/product
i'd like show just facebook url, not real url so for this reason i need to create a rule redirect in htaccess. i mean a rule which changes just base url from apps.facebook.com/myappname/ to myappname.mydomain.com/
is it possibile? tx, best regards
waiting help i'm working on solution and maybe this is apart of one. in htaccess i added this code
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} !apps.facebook.com/myappname$ [NC]
RewriteRule ^(.*)$ https://apps.facebook.com/myappname/$1 [L,R=301]
but as you know facebook application is like an iframe so in this way starts a included loop an my app doesn't work. i need add condition to this rule, "when url is not in facebook iframe" have idea? tx
RewriteCond %{HTTP_HOST} !apps.facebook.com/myappname$ [NC]
This will always be true, because a request reaching your server will never have the HTTP_HOST set to apps.facebook.com. (And the path component of an URL is not part of the domain name …)
The only thing you could do with mod_rewrite in this case is checking the HTTP Referer, I guess – if it’s anything else than apps.facebook.com, then your app is likely being called outside of the FB iframe. (But how unreliable the referer is, should be common knowledge by now.)
Your best bet is to use JavaScript to check if your app is being called within an iframe or on it’s own (and if it is in an iframe, assume it is on apps.facebook.com.)
if(top == window) {
// not in iframe, redirect:
window.location.href = "{your app’s URL on facebook}";
}
This would fire only if your app is called directly in the top browser window – if it is framed, no matter if on facebook.com or not, this code will do nothing.
You could add an X-Frame-Options header in your server config, so that your app will only be allowed to be displayed in an (i)frame on apps.facebook.com, and not anywhere else. If you combine that with the JS approach, you can be pretty sure that if your app is “framed”, it is on apps.facebook.com and not somewhere else.
after two working days i understand this, tx for your reply, this is my javascript solution
<script>
if (parent.location.href == self.location.href) {
window.location.href = 'https://apps.facebook.com/myappname' + window.location.pathname;
//alert(window.location.pathname);
}
</script>
PS. tx to MAX!!!