{"html_url": "https://github.com/simonw/datasette/issues/835#issuecomment-652159398", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/835", "id": 652159398, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE1OTM5OA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:03:51Z", "updated_at": "2020-07-01T03:03:51Z", "author_association": "OWNER", "body": "I'm going to add some tests for this.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 637363686, "label": "Mechanism for skipping CSRF checks on API posts"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/859#issuecomment-652160909", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/859", "id": 652160909, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2MDkwOQ==", "user": {"value": 3243482, "label": "abdusco"}, "created_at": "2020-07-01T03:09:32Z", "updated_at": "2020-07-01T03:10:21Z", "author_association": "CONTRIBUTOR", "body": "I've just realized Datasette tries to count hidden tables too. There are 5 visible tables, 25 hidden tables, which I haven't realize earlier to consider their effect. I've turned off counting for hidden tables to see if it has any effect.\r\n\r\nWhat's the point of counting FTS tables?", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 642572841, "label": "Database page loads too slowly with many large tables (due to table counts)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-652162722", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 652162722, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2MjcyMg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:16:07Z", "updated_at": "2020-07-01T03:16:07Z", "author_association": "OWNER", "body": "The response from this will never be a 302 - it will always be a 200 if the response worked or a 400 for bad parameters or a 500 for errors. The body returned will always be in JSON format.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/812#issuecomment-652163450", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/812", "id": 652163450, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2MzQ1MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:18:51Z", "updated_at": "2020-07-01T03:20:28Z", "author_association": "OWNER", "body": "This can be a plugin hook:\r\n\r\n```python\r\n@hookspec\r\ndef forbidden(datasette, request, message, send):\r\n    \"Custom response for a 403 forbidden error\"\r\n```\r\nIf the hook returns a `Response` object, it will be returned to the user. Plugins are likely to want to return a redirect response.\r\n\r\nMaybe the hook can instead use the `send` argument to respond to the request and return `True` which means \"I've responded to this\"?\r\n\r\nI'm going to leave `send` off for the moment - I can add that in the future if it turns out it would have been a good idea.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634112607, "label": "Ability to customize what happens when a view permission fails"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/812#issuecomment-652165709", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/812", "id": 652165709, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2NTcwOQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:26:35Z", "updated_at": "2020-07-01T03:26:35Z", "author_association": "OWNER", "body": "This case may not be covered without extra work:\r\nhttps://github.com/simonw/datasette/blob/3ec5b1abf6afa2d22a3378092809a1a8c0249d26/datasette/views/database.py#L122-L123", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 634112607, "label": "Ability to customize what happens when a view permission fails"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652166115", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652166115, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2NjExNQ==", "user": {"value": 3243482, "label": "abdusco"}, "created_at": "2020-07-01T03:28:07Z", "updated_at": "2020-07-01T03:28:07Z", "author_association": "CONTRIBUTOR", "body": "Does this mean custom routes get to expose endpoints accepting POST requests? I've tried earlier to add some POST endpoints, but requests were being rejected by Datasette due to CSRF", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652182990", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652182990, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE4Mjk5MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T04:29:38Z", "updated_at": "2020-07-01T04:42:59Z", "author_association": "OWNER", "body": "Have you tried the method described here? https://datasette.readthedocs.io/en/latest/internals.html#csrf-protection - I'm happy to bulk out that section of the documentation if that doesn't help solve your problem.\r\n\r\nI just closed #835 which should make CSRF protection easier to work with - it won't interfere with requests without cookies or requests with `Authentication: Bearer token` tokens. See also https://github.com/simonw/asgi-csrf/issues/11\r\n\r\nYou can try out `pip install datasette==0.45a5` to get those features. Hopefully releasing a full 0.45 tomorrow.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652255960", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652255960, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjI1NTk2MA==", "user": {"value": 3243482, "label": "abdusco"}, "created_at": "2020-07-01T07:52:25Z", "updated_at": "2020-07-01T08:10:00Z", "author_association": "CONTRIBUTOR", "body": "I am calling the API from another origin, so injecting CSRF token into templates wouldn't work.\r\n\r\nEDIT:\r\n\r\nI'll try the new version, it sounds promising", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652261382", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652261382, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjI2MTM4Mg==", "user": {"value": 3243482, "label": "abdusco"}, "created_at": "2020-07-01T08:03:17Z", "updated_at": "2020-07-01T08:03:23Z", "author_association": "CONTRIBUTOR", "body": "Bearer tokens sound interesting. Where do tokens come from? An auth provider of my choosing? How do they get verified?", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/883#issuecomment-652297139", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/883", "id": 652297139, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjI5NzEzOQ==", "user": {"value": 3243482, "label": "abdusco"}, "created_at": "2020-07-01T09:11:29Z", "updated_at": "2020-07-01T09:11:29Z", "author_association": "CONTRIBUTOR", "body": "Turns out we should include hidden tables in the result dict, or we're breaking tests. I've committed a refactor https://github.com/simonw/datasette/pull/883/commits/4f06e1bf6fbe4b73be770b87f610bf7c0e6e3ea7", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648749062, "label": "Skip counting hidden tables"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/883#issuecomment-652311990", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/883", "id": 652311990, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjMxMTk5MA==", "user": {"value": 22429695, "label": "codecov[bot]"}, "created_at": "2020-07-01T09:40:40Z", "updated_at": "2020-07-01T09:40:40Z", "author_association": "NONE", "body": "# [Codecov](https://codecov.io/gh/simonw/datasette/pull/883?src=pr&el=h1) Report\n> Merging [#883](https://codecov.io/gh/simonw/datasette/pull/883?src=pr&el=desc) into [master](https://codecov.io/gh/simonw/datasette/commit/676bb64c877d73f8ff496cef4632f5a8a5a9283c&el=desc) will **not change** coverage.\n> The diff coverage is `n/a`.\n\n[![Impacted file tree graph](https://codecov.io/gh/simonw/datasette/pull/883/graphs/tree.svg?width=650&height=150&src=pr&token=eSahVY7kw1)](https://codecov.io/gh/simonw/datasette/pull/883?src=pr&el=tree)\n\n```diff\n@@           Coverage Diff           @@\n##           master     #883   +/-   ##\n=======================================\n  Coverage   83.42%   83.42%           \n=======================================\n  Files          27       27           \n  Lines        3632     3632           \n=======================================\n  Hits         3030     3030           \n  Misses        602      602           \n```\n\n\n\n------\n\n[Continue to review full report at Codecov](https://codecov.io/gh/simonw/datasette/pull/883?src=pr&el=continue).\n> **Legend** - [Click here to learn more](https://docs.codecov.io/docs/codecov-delta)\n> `\u0394 = absolute <relative> (impact)`, `\u00f8 = not affected`, `? = missing data`\n> Powered by [Codecov](https://codecov.io/gh/simonw/datasette/pull/883?src=pr&el=footer). Last update [676bb64...251884f](https://codecov.io/gh/simonw/datasette/pull/883?src=pr&el=lastupdated). Read the [comment docs](https://docs.codecov.io/docs/pull-request-comments).\n", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648749062, "label": "Skip counting hidden tables"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/pull/883#issuecomment-652394742", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/883", "id": 652394742, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjM5NDc0Mg==", "user": {"value": 3243482, "label": "abdusco"}, "created_at": "2020-07-01T12:41:13Z", "updated_at": "2020-07-01T12:41:13Z", "author_association": "CONTRIBUTOR", "body": "Well tests need to be updated.\r\n \r\nI need to get tests working on Windows.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648749062, "label": "Skip counting hidden tables"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652520496", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652520496, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjUyMDQ5Ng==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T16:26:52Z", "updated_at": "2020-07-01T16:26:52Z", "author_association": "OWNER", "body": "Tokens get verified by plugins. So far there's only one: https://github.com/simonw/datasette-auth-tokens - which has you hard-coding plugins in a configuration file. I have a issue there to add support for database-backed tokens too: https://github.com/simonw/datasette-auth-tokens/issues/1", "reactions": "{\"total_count\": 1, \"+1\": 1, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/877#issuecomment-652597975", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/877", "id": 652597975, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjU5Nzk3NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T19:12:15Z", "updated_at": "2020-07-01T19:12:15Z", "author_association": "OWNER", "body": "The latest release of https://github.com/simonw/datasette-auth-tokens (0.2) now supports SQL configuration of tokens.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648421105, "label": "Consider dropping explicit CSRF protection entirely?"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/882#issuecomment-652604569", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/882", "id": 652604569, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjYwNDU2OQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T19:27:17Z", "updated_at": "2020-07-01T19:27:17Z", "author_association": "OWNER", "body": "Don't forget to update the news in the README.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648673556, "label": "Release notes for 0.45"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-652646487", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 652646487, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjY0NjQ4Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T21:05:48Z", "updated_at": "2020-07-01T21:05:48Z", "author_association": "OWNER", "body": "I've been testing the WIP using this in the console:\r\n```javascript\r\nfetch('/data/add_name.json', {\r\n  method: 'POST',\r\n  body: 'name=XXXfetch',\r\n  credentials: 'omit',\r\n  headers: {'Content-Type': 'application/x-www-form-urlencoded'}\r\n})\r\n.then(response => console.log(response))\r\n```\r\nAgainst a canned query configured like this:\r\n```yaml\r\ndatabases:\r\n  data:\r\n    queries:\r\n      add_name:\r\n        sql: insert into names (name) values (:name)\r\n        write: true\r\n```\r\nI haven't got it to work yet. Latest error is this one:\r\n```\r\nINFO:     Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit)\r\nTraceback (most recent call last):\r\n  File \"/Users/simon/Dropbox/Development/datasette/datasette/app.py\", line 975, in route_path\r\n    await response.asgi_send(send)\r\nAttributeError: 'tuple' object has no attribute 'asgi_send'\r\nINFO:     127.0.0.1:49938 - \"POST /data/add_name.json HTTP/1.1\" 500 Internal Server Error\r\n```\r\nIt looks like I'm going to have to rethink how the `BaseView` code around tables, formats and hashes is structured in order to fix this. That's a big refactoring! I'm moving this to a new milestone for Datasette 0.46.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/882#issuecomment-652663177", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/882", "id": 652663177, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjY2MzE3Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T21:48:08Z", "updated_at": "2020-07-01T21:48:08Z", "author_association": "OWNER", "body": "https://datasette.readthedocs.io/en/latest/changelog.html#v0-45", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648673556, "label": "Release notes for 0.45"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/885#issuecomment-652681996", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/885", "id": 652681996, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjY4MTk5Ng==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T22:44:47Z", "updated_at": "2020-07-01T22:44:47Z", "author_association": "OWNER", "body": "https://simonwillison.net/2020/Jul/1/datasette-045/", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 649373451, "label": "Blog entry about the release"}, "performed_via_github_app": null}