Defining the Setting's allowed entries
With the Schema Settings module, you can retrieve the settings from the site (stored in table wp_options
), by querying field option
:
{
optionValue(name: "home")
}
For security reasons, which options can be queried must be explicitly configured.
By default, only the following options can be queried:
"siteurl"
"home"
"blogname"
"blogdescription"
"WPLANG"
"posts_per_page"
"date_format"
"time_format"
"blog_charset"
Settings response permalink
When executing field option
, if access to the option name is not allowed in the Settings page, the query returns an error.
For instance, executing this query:
{
optionValue(name: "nonExistentOption")
}
Returns:
{
"errors": [
{
"message": "There is no option with name 'nonExistentOption'",
"extensions": {
"type": "Root",
"id": "root",
"field": "optionValue(name:\"nonExistentOption\")"
}
}
],
"data": {
"option": null
}
}
Otherwise, the response is the value for the settings with the specified name.
Configuring the allowed options permalink
In the "Schema Settings" tab from the Settings, we must configure the list of options that can be queried via option
.
Each entry can either be:
- A regex (regular expression), if it's surrounded by
/
, or - The full option name, otherwise
For instance, both entries siteurl
and /site.*/
match option name "siteurl"
.
There are 2 behaviors, "Allow access" and "Deny access":
๐๐ฝ Allow access: only the configured entries can be accessed, and no other can
๐๐ฝ Deny access: the configured entries cannot be accessed, all other entries can