From f32e3a604e7a4f6b1d058b2a28497475143a4334 Mon Sep 17 00:00:00 2001
From: Mario Santos <santosguillamot@gmail.com>
Date: Fri, 17 May 2024 12:23:08 +0200
Subject: [PATCH] Check field is exposed in the REST API

---
 packages/editor/src/bindings/post-meta.js | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/packages/editor/src/bindings/post-meta.js b/packages/editor/src/bindings/post-meta.js
index 312704bbbda29b..160b460bea2a2d 100644
--- a/packages/editor/src/bindings/post-meta.js
+++ b/packages/editor/src/bindings/post-meta.js
@@ -37,7 +37,7 @@ export default {
 				},
 			} );
 	},
-	lockAttributesEditing( { select, context = {} } ) {
+	lockAttributesEditing( { select, context = {}, args } ) {
 		const postId = context.postId
 			? context.postId
 			: select( editorStore ).getCurrentPostId();
@@ -47,7 +47,12 @@ export default {
 
 		// TODO: Check that editing is happening in the post editor and not a template.
 
-		// TODO: Check that the custom field is not protected and available in the REST API.
+		// Check that the custom field is not protected and available in the REST API.
+		const isFieldExposed =
+			select( editorStore ).getEditedPostAttribute( 'meta' )[ args.key ];
+		if ( ! isFieldExposed ) {
+			return true;
+		}
 
 		// Check that the user has the capability to edit post meta.
 		const canUserEdit = select( coreDataStore ).canUserEditEntityRecord(