{"html_url": "https://github.com/simonw/datasette/issues/835#issuecomment-652159398", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/835", "id": 652159398, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE1OTM5OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:03:51Z", "updated_at": "2020-07-01T03:03:51Z", "author_association": "OWNER", "body": "I'm going to add some tests for this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 637363686, "label": "Mechanism for skipping CSRF checks on API posts"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-652162722", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 652162722, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2MjcyMg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:16:07Z", "updated_at": "2020-07-01T03:16:07Z", "author_association": "OWNER", "body": "The response from this will never be a 302 - it will always be a 200 if the response worked or a 400 for bad parameters or a 500 for errors. The body returned will always be in JSON format.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/812#issuecomment-652163450", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/812", "id": 652163450, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2MzQ1MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:18:51Z", "updated_at": "2020-07-01T03:20:28Z", "author_association": "OWNER", "body": "This can be a plugin hook:\r\n\r\n```python\r\n@hookspec\r\ndef forbidden(datasette, request, message, send):\r\n    \"Custom response for a 403 forbidden error\"\r\n```\r\nIf the hook returns a `Response` object, it will be returned to the user. Plugins are likely to want to return a redirect response.\r\n\r\nMaybe the hook can instead use the `send` argument to respond to the request and return `True` which means \"I've responded to this\"?\r\n\r\nI'm going to leave `send` off for the moment - I can add that in the future if it turns out it would have been a good idea.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634112607, "label": "Ability to customize what happens when a view permission fails"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/812#issuecomment-652165709", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/812", "id": 652165709, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2NTcwOQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:26:35Z", "updated_at": "2020-07-01T03:26:35Z", "author_association": "OWNER", "body": "This case may not be covered without extra work:\r\nhttps://github.com/simonw/datasette/blob/3ec5b1abf6afa2d22a3378092809a1a8c0249d26/datasette/views/database.py#L122-L123", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634112607, "label": "Ability to customize what happens when a view permission fails"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652182990", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652182990, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE4Mjk5MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T04:29:38Z", "updated_at": "2020-07-01T04:42:59Z", "author_association": "OWNER", "body": "Have you tried the method described here? https://datasette.readthedocs.io/en/latest/internals.html#csrf-protection - I'm happy to bulk out that section of the documentation if that doesn't help solve your problem.\r\n\r\nI just closed #835 which should make CSRF protection easier to work with - it won't interfere with requests without cookies or requests with `Authentication: Bearer token` tokens. See also https://github.com/simonw/asgi-csrf/issues/11\r\n\r\nYou can try out `pip install datasette==0.45a5` to get those features. Hopefully releasing a full 0.45 tomorrow.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652520496", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652520496, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjUyMDQ5Ng==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T16:26:52Z", "updated_at": "2020-07-01T16:26:52Z", "author_association": "OWNER", "body": "Tokens get verified by plugins. So far there's only one: https://github.com/simonw/datasette-auth-tokens - which has you hard-coding plugins in a configuration file. I have a issue there to add support for database-backed tokens too: https://github.com/simonw/datasette-auth-tokens/issues/1", "reactions": "{\"total_count\": 1, \"+1\": 1, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652597975", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652597975, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjU5Nzk3NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T19:12:15Z", "updated_at": "2020-07-01T19:12:15Z", "author_association": "OWNER", "body": "The latest release of https://github.com/simonw/datasette-auth-tokens (0.2) now supports SQL configuration of tokens.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/882#issuecomment-652604569", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/882", "id": 652604569, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjYwNDU2OQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T19:27:17Z", "updated_at": "2020-07-01T19:27:17Z", "author_association": "OWNER", "body": "Don't forget to update the news in the README.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648673556, "label": "Release notes for 0.45"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-652646487", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 652646487, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjY0NjQ4Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T21:05:48Z", "updated_at": "2020-07-01T21:05:48Z", "author_association": "OWNER", "body": "I've been testing the WIP using this in the console:\r\n```javascript\r\nfetch('/data/add_name.json', {\r\n  method: 'POST',\r\n  body: 'name=XXXfetch',\r\n  credentials: 'omit',\r\n  headers: {'Content-Type': 'application/x-www-form-urlencoded'}\r\n})\r\n.then(response => console.log(response))\r\n```\r\nAgainst a canned query configured like this:\r\n```yaml\r\ndatabases:\r\n  data:\r\n    queries:\r\n      add_name:\r\n        sql: insert into names (name) values (:name)\r\n        write: true\r\n```\r\nI haven't got it to work yet. Latest error is this one:\r\n```\r\nINFO:     Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit)\r\nTraceback (most recent call last):\r\n  File \"/Users/simon/Dropbox/Development/datasette/datasette/app.py\", line 975, in route_path\r\n    await response.asgi_send(send)\r\nAttributeError: 'tuple' object has no attribute 'asgi_send'\r\nINFO:     127.0.0.1:49938 - \"POST /data/add_name.json HTTP/1.1\" 500 Internal Server Error\r\n```\r\nIt looks like I'm going to have to rethink how the `BaseView` code around tables, formats and hashes is structured in order to fix this. That's a big refactoring! I'm moving this to a new milestone for Datasette 0.46.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/882#issuecomment-652663177", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/882", "id": 652663177, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjY2MzE3Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T21:48:08Z", "updated_at": "2020-07-01T21:48:08Z", "author_association": "OWNER", "body": "https://datasette.readthedocs.io/en/latest/changelog.html#v0-45", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648673556, "label": "Release notes for 0.45"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/885#issuecomment-652681996", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/885", "id": 652681996, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjY4MTk5Ng==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T22:44:47Z", "updated_at": "2020-07-01T22:44:47Z", "author_association": "OWNER", "body": "https://simonwillison.net/2020/Jul/1/datasette-045/", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 649373451, "label": "Blog entry about the release"}, "performed_via_github_app": null}