issue_comments: 691785692

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/880#issuecomment-691785692 https://api.github.com/repos/simonw/datasette/issues/880 691785692 MDEyOklzc3VlQ29tbWVudDY5MTc4NTY5Mg== 9599 2020-09-14T03:10:11Z 2020-09-14T03:10:11Z OWNER

Answer: no, it's not safe to skip CSRF if there's an Accept: application/json header because of a nasty old crossdomain.xml Flash vulnerability: https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b?gi=a5ee3d7a8235

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
648637666  
Powered by Datasette · Query took 1.503ms · About: github-to-sqlite