issue_comments
9 rows where issue = 648421105
This data as json, CSV (advanced)
Suggested facets: user, author_association, reactions, created_at (date), updated_at (date)
| id ▼ | html_url | issue_url | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 651984355 | https://github.com/simonw/datasette/issues/877#issuecomment-651984355 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY1MTk4NDM1NQ== | simonw 9599 | 2020-06-30T19:02:15Z | 2020-06-30T19:02:15Z | OWNER | https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#login-csrf > Login CSRF can be mitigated by creating pre-sessions (sessions before a user is authenticated) and including tokens in login form. Sounds like regular CSRF protection to me. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 | |
| 651984989 | https://github.com/simonw/datasette/issues/877#issuecomment-651984989 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY1MTk4NDk4OQ== | simonw 9599 | 2020-06-30T19:03:25Z | 2020-06-30T19:03:25Z | OWNER | Relevant: #835 | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 | |
| 652166115 | https://github.com/simonw/datasette/issues/877#issuecomment-652166115 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY1MjE2NjExNQ== | abdusco 3243482 | 2020-07-01T03:28:07Z | 2020-07-01T03:28:07Z | CONTRIBUTOR | Does this mean custom routes get to expose endpoints accepting POST requests? I've tried earlier to add some POST endpoints, but requests were being rejected by Datasette due to CSRF | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 | |
| 652182990 | https://github.com/simonw/datasette/issues/877#issuecomment-652182990 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY1MjE4Mjk5MA== | simonw 9599 | 2020-07-01T04:29:38Z | 2020-07-01T04:42:59Z | OWNER | Have you tried the method described here? https://datasette.readthedocs.io/en/latest/internals.html#csrf-protection - I'm happy to bulk out that section of the documentation if that doesn't help solve your problem. I just closed #835 which should make CSRF protection easier to work with - it won't interfere with requests without cookies or requests with `Authentication: Bearer token` tokens. See also https://github.com/simonw/asgi-csrf/issues/11 You can try out `pip install datasette==0.45a5` to get those features. Hopefully releasing a full 0.45 tomorrow. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 | |
| 652255960 | https://github.com/simonw/datasette/issues/877#issuecomment-652255960 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY1MjI1NTk2MA== | abdusco 3243482 | 2020-07-01T07:52:25Z | 2020-07-01T08:10:00Z | CONTRIBUTOR | I am calling the API from another origin, so injecting CSRF token into templates wouldn't work. EDIT: I'll try the new version, it sounds promising | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 | |
| 652261382 | https://github.com/simonw/datasette/issues/877#issuecomment-652261382 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY1MjI2MTM4Mg== | abdusco 3243482 | 2020-07-01T08:03:17Z | 2020-07-01T08:03:23Z | CONTRIBUTOR | Bearer tokens sound interesting. Where do tokens come from? An auth provider of my choosing? How do they get verified? | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 | |
| 652520496 | https://github.com/simonw/datasette/issues/877#issuecomment-652520496 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY1MjUyMDQ5Ng== | simonw 9599 | 2020-07-01T16:26:52Z | 2020-07-01T16:26:52Z | OWNER | Tokens get verified by plugins. So far there's only one: https://github.com/simonw/datasette-auth-tokens - which has you hard-coding plugins in a configuration file. I have a issue there to add support for database-backed tokens too: https://github.com/simonw/datasette-auth-tokens/issues/1 | {"total_count": 1, "+1": 1, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 | |
| 652597975 | https://github.com/simonw/datasette/issues/877#issuecomment-652597975 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY1MjU5Nzk3NQ== | simonw 9599 | 2020-07-01T19:12:15Z | 2020-07-01T19:12:15Z | OWNER | The latest release of https://github.com/simonw/datasette-auth-tokens (0.2) now supports SQL configuration of tokens. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 | |
| 692967733 | https://github.com/simonw/datasette/issues/877#issuecomment-692967733 | https://api.github.com/repos/simonw/datasette/issues/877 | MDEyOklzc3VlQ29tbWVudDY5Mjk2NzczMw== | simonw 9599 | 2020-09-15T20:42:04Z | 2020-09-15T20:42:04Z | OWNER | I'm not going to drop CSRF protection - it's still needed for older browsers - but I have relaxed the circumstances under which it is applied. It only applies to requests that include cookies for example, so API clients that don't send cookies don't need to worry about it. | {"total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0} | Consider dropping explicit CSRF protection entirely? 648421105 |
Advanced export
JSON shape: default, array, newline-delimited, object
CREATE TABLE [issue_comments] (
[html_url] TEXT,
[issue_url] TEXT,
[id] INTEGER PRIMARY KEY,
[node_id] TEXT,
[user] INTEGER REFERENCES [users]([id]),
[created_at] TEXT,
[updated_at] TEXT,
[author_association] TEXT,
[body] TEXT,
[reactions] TEXT,
[issue] INTEGER REFERENCES [issues]([id])
, [performed_via_github_app] TEXT);
CREATE INDEX [idx_issue_comments_issue]
ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
ON [issue_comments] ([user]);