{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-692324230", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 692324230, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MjMyNDIzMA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-14T21:28:15Z", "updated_at": "2020-09-14T21:28:21Z", "author_association": "OWNER", "body": "Documentation here: https://docs.datasette.io/en/latest/sql_queries.html#json-api-for-writable-canned-queries", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-692299770", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 692299770, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MjI5OTc3MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-14T20:36:40Z", "updated_at": "2020-09-14T20:36:40Z", "author_association": "OWNER", "body": "The JSON response will look like this:\r\n```json\r\n{\r\n  \"ok\": true,\r\n  \"message\": \"A message\",\r\n  \"redirect\": \"/blah\"\r\n}\r\n```\r\n`\"ok\"` will be `true` if everything went right and `false` if there was an error.\r\n\r\nThe `\"message\"` and `\"redirect\"` will be whatever was configured using the on_success_message - the message shown `on_success_message`, `on_success_redirect`, `on_error_message` and `on_error_redirect` settings, see https://docs.datasette.io/en/stable/sql_queries.html#writable-canned-queries", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-692298011", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 692298011, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MjI5ODAxMQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-14T20:33:13Z", "updated_at": "2020-09-14T20:33:13Z", "author_association": "OWNER", "body": "I'm going to support several ways of indicating that you would like a JSON response instead of getting a HTTP redirect from your writable canned query submission:\r\n\r\n- Use the `Accept: application/json` request header\r\n- Include `?_json=1` in the request query string\r\n- Include `\"_json\": 1` in the form submission (or the JSON body submission)", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-692272860", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 692272860, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MjI3Mjg2MA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-14T19:43:47Z", "updated_at": "2020-09-14T19:43:47Z", "author_association": "OWNER", "body": "I'm going to add support for POST content that is sent as a JSON document, in addition to the existing support for key=value encoded POST bodies.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-692271804", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 692271804, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MjI3MTgwNA==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-14T19:41:37Z", "updated_at": "2020-09-14T19:41:37Z", "author_association": "OWNER", "body": "Relevant code section: https://github.com/simonw/datasette/blob/1552ac931e4d2cf516caac3ceeab4fd24da1510a/datasette/views/database.py#L209-L232", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-691785692", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 691785692, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MTc4NTY5Mg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-14T03:10:11Z", "updated_at": "2020-09-14T03:10:11Z", "author_association": "OWNER", "body": "Answer: no, it's [not safe](https://twitter.com/glenathan/status/1305081266065244162) to skip CSRF if there's an `Accept: application/json` header because of a nasty old `crossdomain.xml` Flash vulnerability: https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b?gi=a5ee3d7a8235", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-691558387", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 691558387, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MTU1ODM4Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-12T22:04:48Z", "updated_at": "2020-09-12T22:04:48Z", "author_association": "OWNER", "body": "Is it safe to skip CSRF checks if the incoming request has `Accept: application/json` on it?\r\n\r\nI'm not sure that matters since `asgi-csrf` already won't reject requests that either have no cookies or are using a `Authorization: Bearer ...` header.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-691557675", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 691557675, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MTU1NzY3NQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-12T22:01:02Z", "updated_at": "2020-09-12T22:01:11Z", "author_association": "OWNER", "body": "Maybe POST to `.json` doesn't actually make sense. I could instead support `POST /db/queryname` with an optional mechanism for requesting that the response to that POST be in a JSON format.\r\n\r\nCould be a `Accept: application/json` header with an option of including `\"_accept\": \"json\"` as a POST parameter instead.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-691557429", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 691557429, "node_id": "MDEyOklzc3VlQ29tbWVudDY5MTU1NzQyOQ==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-09-12T21:59:39Z", "updated_at": "2020-09-12T21:59:39Z", "author_association": "OWNER", "body": "What should happen when something does a POST to an extension that was registered by a plugin, e.g. `POST /db/table.atom` ?", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-652646487", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 652646487, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjY0NjQ4Nw==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T21:05:48Z", "updated_at": "2020-07-01T21:05:48Z", "author_association": "OWNER", "body": "I've been testing the WIP using this in the console:\r\n```javascript\r\nfetch('/data/add_name.json', {\r\n  method: 'POST',\r\n  body: 'name=XXXfetch',\r\n  credentials: 'omit',\r\n  headers: {'Content-Type': 'application/x-www-form-urlencoded'}\r\n})\r\n.then(response => console.log(response))\r\n```\r\nAgainst a canned query configured like this:\r\n```yaml\r\ndatabases:\r\n  data:\r\n    queries:\r\n      add_name:\r\n        sql: insert into names (name) values (:name)\r\n        write: true\r\n```\r\nI haven't got it to work yet. Latest error is this one:\r\n```\r\nINFO:     Uvicorn running on http://127.0.0.1:8001 (Press CTRL+C to quit)\r\nTraceback (most recent call last):\r\n  File \"/Users/simon/Dropbox/Development/datasette/datasette/app.py\", line 975, in route_path\r\n    await response.asgi_send(send)\r\nAttributeError: 'tuple' object has no attribute 'asgi_send'\r\nINFO:     127.0.0.1:49938 - \"POST /data/add_name.json HTTP/1.1\" 500 Internal Server Error\r\n```\r\nIt looks like I'm going to have to rethink how the `BaseView` code around tables, formats and hashes is structured in order to fix this. That's a big refactoring! I'm moving this to a new milestone for Datasette 0.46.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}
{"html_url": "https://github.com/simonw/datasette/issues/880#issuecomment-652162722", "issue_url": "https://api.github.com/repos/simonw/datasette/issues/880", "id": 652162722, "node_id": "MDEyOklzc3VlQ29tbWVudDY1MjE2MjcyMg==", "user": {"value": 9599, "label": "simonw"}, "created_at": "2020-07-01T03:16:07Z", "updated_at": "2020-07-01T03:16:07Z", "author_association": "OWNER", "body": "The response from this will never be a 302 - it will always be a 200 if the response worked or a 400 for bad parameters or a 500 for errors. The body returned will always be in JSON format.", "reactions": "{\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "issue": {"value": 648637666, "label": "POST to /db/canned-query that returns JSON should be supported (for API clients)"}, "performed_via_github_app": null}