issue_comments

Table actions

4 rows where issue = 638212085 and "updated_at" is on date 2020-06-27 sorted by updated_at descending

View and edit SQL

This data as json, CSV (advanced)

Suggested facets: created_at (date), updated_at (date)

user 1

issue 1

  • Magic parameters for canned queries · 4

author_association 1

id html_url issue_url node_id user created_at updated_at ▲ author_association body reactions issue performed_via_github_app
650648434 https://github.com/simonw/datasette/issues/842#issuecomment-650648434 https://api.github.com/repos/simonw/datasette/issues/842 MDEyOklzc3VlQ29tbWVudDY1MDY0ODQzNA== simonw 9599 2020-06-27T23:27:35Z 2020-06-27T23:37:38Z OWNER

I'm going to rename _request_X to _header_X as that better reflects what it now does.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Magic parameters for canned queries 638212085  
650593122 https://github.com/simonw/datasette/issues/842#issuecomment-650593122 https://api.github.com/repos/simonw/datasette/issues/842 MDEyOklzc3VlQ29tbWVudDY1MDU5MzEyMg== simonw 9599 2020-06-27T18:03:02Z 2020-06-27T18:03:10Z OWNER

Security thought: make sure it's not possible to accidentally open up a security hole where an attacker can send a GET request that causes the magic parameter _cookie_ds_actor to be resolved and returned as JSON data that the attacker can see.

This is an open security hole in https://github.com/simonw/datasette/commit/94c1315f0030fd58ce46a9294052c5c9d9d181c7 - it's useful for testing, but I need to remove it before I land that branch.

https://github.com/simonw/datasette/blob/94c1315f0030fd58ce46a9294052c5c9d9d181c7/datasette/views/database.py#L231-L237

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Magic parameters for canned queries 638212085  
650458857 https://github.com/simonw/datasette/issues/842#issuecomment-650458857 https://api.github.com/repos/simonw/datasette/issues/842 MDEyOklzc3VlQ29tbWVudDY1MDQ1ODg1Nw== simonw 9599 2020-06-27T00:11:04Z 2020-06-27T00:11:04Z OWNER

Security thought: make sure it's not possible to accidentally open up a security hole where an attacker can send a GET request that causes the magic parameter _cookie_ds_actor to be resolved and returned as JSON data that the attacker can see.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Magic parameters for canned queries 638212085  
650455793 https://github.com/simonw/datasette/issues/842#issuecomment-650455793 https://api.github.com/repos/simonw/datasette/issues/842 MDEyOklzc3VlQ29tbWVudDY1MDQ1NTc5Mw== simonw 9599 2020-06-26T23:57:30Z 2020-06-27T00:00:16Z OWNER

Maybe I should ship a default _scope_headers_... parameter instead, which reads from a dictionary of scope["headers"] - https://asgi-scope.now.sh/ shows what those look like.

{'client': ('148.64.98.14', 0), 'headers': [[b'host', b'asgi-scope.now.sh'], [b'x-forwarded-for', b'148.64.98.14'], [b'x-vercel-id', b'sw72x-1593215573008-024e4e603806'], [b'x-forwarded-host', b'asgi-scope.now.sh'], [b'accept', b'text/html,application/xhtml+xml,application/xml;q=0.9,image/' b'webp,*/*;q=0.8'], [b'x-real-ip', b'148.64.98.14'], [b'x-vercel-deployment-url', b'asgi-scope-9eyeojbek.now.sh'], [b'upgrade-insecure-requests', b'1'], [b'x-vercel-trace', b'sfo1'], [b'x-forwarded-proto', b'https'], [b'accept-language', b'en-US,en;q=0.5'], [b'user-agent', b'Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:77.0) Gecko' b'/20100101 Firefox/77.0'], [b'x-vercel-forwarded-for', b'148.64.98.14'], [b'accept-encoding', b'gzip, deflate, br'], [b'dnt', b'1'], [b'te', b'trailers']], 'http_version': '1.1', 'method': 'GET', 'path': '/', 'query_string': b'', 'raw_path': b'/', 'root_path': '', 'scheme': 'https', 'server': ('asgi-scope.now.sh', 80), 'type': 'http'}

I'm going to have _request_X actually mean "find the first value for X in scope["headers"]" - with underscores converted to hyphens.

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 Magic parameters for canned queries 638212085  

Advanced export

JSON shape: default, array, newline-delimited, object

CSV options: 

CREATE TABLE [issue_comments] (
   [html_url] TEXT,
   [issue_url] TEXT,
   [id] INTEGER PRIMARY KEY,
   [node_id] TEXT,
   [user] INTEGER REFERENCES [users]([id]),
   [created_at] TEXT,
   [updated_at] TEXT,
   [author_association] TEXT,
   [body] TEXT,
   [reactions] TEXT,
   [issue] INTEGER REFERENCES [issues]([id])
, [performed_via_github_app] TEXT);
CREATE INDEX [idx_issue_comments_issue]
                ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
                ON [issue_comments] ([user]);