html_url,issue_url,id,node_id,user,created_at,updated_at,author_association,body,reactions,issue,performed_via_github_app
https://github.com/simonw/datasette/issues/880#issuecomment-652162722,https://api.github.com/repos/simonw/datasette/issues/880,652162722,MDEyOklzc3VlQ29tbWVudDY1MjE2MjcyMg==,9599,2020-07-01T03:16:07Z,2020-07-01T03:16:07Z,OWNER,The response from this will never be a 302 - it will always be a 200 if the response worked or a 400 for bad parameters or a 500 for errors. The body returned will always be in JSON format.,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-652646487,https://api.github.com/repos/simonw/datasette/issues/880,652646487,MDEyOklzc3VlQ29tbWVudDY1MjY0NjQ4Nw==,9599,2020-07-01T21:05:48Z,2020-07-01T21:05:48Z,OWNER,"I've been testing the WIP using this in the console:
```javascript
fetch('/data/add_name.json', {
  method: 'POST',
  body: 'name=XXXfetch',
  credentials: 'omit',
  headers: {'Content-Type': 'application/x-www-form-urlencoded'}
})
.then(response => console.log(response))
```
Against a canned query configured like this:
```yaml
databases:
  data:
    queries:
      add_name:
        sql: insert into names (name) values (:name)
        write: true
```
I haven't got it to work yet. Latest error is this one:
```
INFO: Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit)
Traceback (most recent call last):
File ""/Users/simon/Dropbox/Development/datasette/datasette/app.py"", line 975, in route_path
await response.asgi_send(send)
AttributeError: 'tuple' object has no attribute 'asgi_send'
INFO: 127.0.0.1:49938 - ""POST /data/add_name.json HTTP/1.1"" 500 Internal Server Error
```
It looks like I'm going to have to rethink how the `BaseView` code around tables, formats and hashes is structured in order to fix this. That's a big refactoring! I'm moving this to a new milestone for Datasette 0.46.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-691557429,https://api.github.com/repos/simonw/datasette/issues/880,691557429,MDEyOklzc3VlQ29tbWVudDY5MTU1NzQyOQ==,9599,2020-09-12T21:59:39Z,2020-09-12T21:59:39Z,OWNER,"What should happen when something does a POST to an extension that was registered by a plugin, e.g. `POST /db/table.atom` ?","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-691557675,https://api.github.com/repos/simonw/datasette/issues/880,691557675,MDEyOklzc3VlQ29tbWVudDY5MTU1NzY3NQ==,9599,2020-09-12T22:01:02Z,2020-09-12T22:01:11Z,OWNER,"Maybe POST to `.json` doesn't actually make sense. I could instead support `POST /db/queryname` with an optional mechanism for requesting that the response to that POST be in a JSON format.
Could be an `Accept: application/json` header with an option of including `""_accept"": ""json""` as a POST parameter instead.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-691558387,https://api.github.com/repos/simonw/datasette/issues/880,691558387,MDEyOklzc3VlQ29tbWVudDY5MTU1ODM4Nw==,9599,2020-09-12T22:04:48Z,2020-09-12T22:04:48Z,OWNER,"Is it safe to skip CSRF checks if the incoming request has `Accept: application/json` on it?
I'm not sure that matters since `asgi-csrf` already won't reject requests that either have no cookies or are using an `Authorization: Bearer ...` header.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-691785692,https://api.github.com/repos/simonw/datasette/issues/880,691785692,MDEyOklzc3VlQ29tbWVudDY5MTc4NTY5Mg==,9599,2020-09-14T03:10:11Z,2020-09-14T03:10:11Z,OWNER,"Answer: no, it's [not safe](https://twitter.com/glenathan/status/1305081266065244162) to skip CSRF if there's an `Accept: application/json` header because of a nasty old `crossdomain.xml` Flash vulnerability: https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b?gi=a5ee3d7a8235","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-692271804,https://api.github.com/repos/simonw/datasette/issues/880,692271804,MDEyOklzc3VlQ29tbWVudDY5MjI3MTgwNA==,9599,2020-09-14T19:41:37Z,2020-09-14T19:41:37Z,OWNER,Relevant code section: https://github.com/simonw/datasette/blob/1552ac931e4d2cf516caac3ceeab4fd24da1510a/datasette/views/database.py#L209-L232,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-692272860,https://api.github.com/repos/simonw/datasette/issues/880,692272860,MDEyOklzc3VlQ29tbWVudDY5MjI3Mjg2MA==,9599,2020-09-14T19:43:47Z,2020-09-14T19:43:47Z,OWNER,"I'm going to add support for POST content that is sent as a JSON document, in addition to the existing support for key=value encoded POST bodies.","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-692298011,https://api.github.com/repos/simonw/datasette/issues/880,692298011,MDEyOklzc3VlQ29tbWVudDY5MjI5ODAxMQ==,9599,2020-09-14T20:33:13Z,2020-09-14T20:33:13Z,OWNER,"I'm going to support several ways of indicating that you would like a JSON response instead of getting an HTTP redirect from your writable canned query submission:
- Use the `Accept: application/json` request header
- Include `?_json=1` in the request query string
- Include `""_json"": 1` in the form submission (or the JSON body submission)","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-692299770,https://api.github.com/repos/simonw/datasette/issues/880,692299770,MDEyOklzc3VlQ29tbWVudDY5MjI5OTc3MA==,9599,2020-09-14T20:36:40Z,2020-09-14T20:36:40Z,OWNER,"The JSON response will look like this:
```json
{
  ""ok"": true,
  ""message"": ""A message"",
  ""redirect"": ""/blah""
}
```
`""ok""` will be `true` if everything went right and `false` if there was an error.
The `""message""` and `""redirect""` will be whatever was configured using the `on_success_message`, `on_success_redirect`, `on_error_message` and `on_error_redirect` settings, see https://docs.datasette.io/en/stable/sql_queries.html#writable-canned-queries","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,
https://github.com/simonw/datasette/issues/880#issuecomment-692324230,https://api.github.com/repos/simonw/datasette/issues/880,692324230,MDEyOklzc3VlQ29tbWVudDY5MjMyNDIzMA==,9599,2020-09-14T21:28:15Z,2020-09-14T21:28:21Z,OWNER,Documentation here: https://docs.datasette.io/en/latest/sql_queries.html#json-api-for-writable-canned-queries,"{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",648637666,