-
-
Notifications
You must be signed in to change notification settings - Fork 1
Gate Assets Manager frontend bundles behind manage_options #97
Copy link
Copy link
Closed
Labels
area: assets-managerAsset Manager behavior, compatibility, UI, persistence, or per-page controls.Asset Manager behavior, compatibility, UI, persistence, or per-page controls.area: frontendPublic-facing frontend output, assets, feeds, headers, or visitor behavior.Public-facing frontend output, assets, feeds, headers, or visitor behavior.area: performancePerformance-sensitive behavior, page weight, caching, preloading, or resource hints.Performance-sensitive behavior, page weight, caching, preloading, or resource hints.bugConfirmed or likely defect affecting runtime behavior, UX, compatibility, or data handling.Confirmed or likely defect affecting runtime behavior, UX, compatibility, or data handling.priority: mediumUseful or user-impacting work that should be planned but is not blocking now.Useful or user-impacting work that should be planned but is not blocking now.status: in-progressWork has a branch, PR, or active release branch implementation path.Work has a branch, PR, or active release branch implementation path.
Milestone
Description
Metadata
Metadata
Assignees
Labels
area: assets-managerAsset Manager behavior, compatibility, UI, persistence, or per-page controls.Asset Manager behavior, compatibility, UI, persistence, or per-page controls.area: frontendPublic-facing frontend output, assets, feeds, headers, or visitor behavior.Public-facing frontend output, assets, feeds, headers, or visitor behavior.area: performancePerformance-sensitive behavior, page weight, caching, preloading, or resource hints.Performance-sensitive behavior, page weight, caching, preloading, or resource hints.bugConfirmed or likely defect affecting runtime behavior, UX, compatibility, or data handling.Confirmed or likely defect affecting runtime behavior, UX, compatibility, or data handling.priority: mediumUseful or user-impacting work that should be planned but is not blocking now.Useful or user-impacting work that should be planned but is not blocking now.status: in-progressWork has a branch, PR, or active release branch implementation path.Work has a branch, PR, or active release branch implementation path.
Type
Fields
Give feedbackNo fields configured for issues without a type.
Finding
The frontend enqueue guard currently treats any request with
?performas eligible for Assets Manager scripts and styles. The overlay markup itself is capability-gated, but the public frontend bundles can still be forced onto anonymous page views by adding the query parameter.Impact
Anonymous visitors and crawlers can trigger extra CSS/JS payload on otherwise normal frontend pages. That adds avoidable page weight and makes the public query flag behave inconsistently with the actual admin-only overlay.
Suggested implementation
current_user_can( 'manage_options' ).?performworkflow for authorized administrators.Acceptance criteria
?performrequests do not enqueue Assets Manager frontend bundles.