[Private APIs] Make the re-registration safeguard opt-in rather than …

…opt-out Gutenberg introduced a system of sharing private APIs in #46131. One of the safeguards is a check preventing the same module from opting-in twice so that contributors cannot easily gain access by pretending to be a core module. That safeguard is only meant for WordPress core and not for the released @WordPress packages. However, right now it is opt-out and must be explicitly disabled by developers wanting to install the @WordPress packages. Let's make it opt-out instead. This commit makes the check opt-in rather than opt-out. Its counterpart in the wordpress-develop repo makes WordPress explicitly set the ALLOW_EXPERIMENT_REREGISTRATION to false: WordPress/wordpress-develop#4121
WordPress · Feb 23, 2023 · 7e9d944 · 7e9d944
1 parent 8c68626
commit 7e9d944
Showing 1 changed file with 7 additions and 4 deletions.
diff --git a/packages/private-apis/src/implementation.js b/packages/private-apis/src/implementation.js
@@ -49,12 +49,15 @@ const requiredConsent =
 
 /** @type {boolean} */
 let allowReRegistration;
-// Use try/catch to force "false" if the environment variable is not explicitly
-// set to true (e.g. when building WordPress core).
+// The safety measure is meant for WordPress core where ALLOW_EXPERIMENT_REREGISTRATION
+// is set to false.
+// For the general use-case, the re-registration should be allowed by default
+// Let's default to true, then. Try/catch will fall back to "true" even if the
+// environment variable is not explicitly defined.
 try {
-	allowReRegistration = process.env.ALLOW_EXPERIMENT_REREGISTRATION ?? false;
+	allowReRegistration = process.env.ALLOW_EXPERIMENT_REREGISTRATION ?? true;
 } catch ( error ) {
-	allowReRegistration = false;
+	allowReRegistration = true;
 }
 
 /**