{"id": 637395097, "node_id": "MDU6SXNzdWU2MzczOTUwOTc=", "number": 838, "title": "Incorrect URLs when served behind a proxy with base_url set", "user": {"value": 79913, "label": "tsibley"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 6026070, "label": "0.51"}, "comments": 14, "created_at": "2020-06-11T23:58:55Z", "updated_at": "2021-11-20T19:35:48Z", "closed_at": "2021-11-20T19:35:48Z", "author_association": "NONE", "pull_request": null, "body": "I'm running `datasette serve --config base_url:/foo/ \u2026`, proxying to it with this Apache config:\r\n\r\n ProxyPass /foo/ http://localhost:8001/ \r\n ProxyPassReverse /foo/ http://localhost:8001/ \r\n\r\nand then accessing it via `https://example.com/foo/`.\r\n\r\nAlthough many of the URLs in the pages are correct (presumably because they either use absolute paths which include `base_url` or relative paths), the faceting and pagination links still use fully-qualified URLs pointing at `http://localhost:8001`.\r\n\r\nI looked into this a little in the source code, and it seems to be an issue anywhere `request.url` or `request.path` is used, as these contain the values for the request between the frontend (Apache) and backend (Datasette) server. 
Those properties are primarily used via the `path_with_\u2026` family of utility functions and the `Datasette.absolute_url` method.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/838/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"} {"id": 637363686, "node_id": "MDU6SXNzdWU2MzczNjM2ODY=", "number": 835, "title": "Mechanism for skipping CSRF checks on API posts", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5533512, "label": "Datasette 0.45"}, "comments": 13, "created_at": "2020-06-11T22:41:10Z", "updated_at": "2020-07-01T03:08:07Z", "closed_at": "2020-07-01T03:08:07Z", "author_association": "OWNER", "pull_request": null, "body": "While experimenting with https://github.com/simonw/datasette-auth-tokens I realized it's not currently possible to build API client programs that POST to Datasette because there's no mechanism for them to skip the CSRF checks added in #798.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/835/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"} {"id": 636722501, "node_id": "MDU6SXNzdWU2MzY3MjI1MDE=", "number": 832, "title": "Having view-table permission but NOT view-database should still grant access to /db/table", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5533512, "label": "Datasette 0.45"}, "comments": 
12, "created_at": "2020-06-11T05:12:59Z", "updated_at": "2020-06-30T23:42:11Z", "closed_at": "2020-06-30T23:42:11Z", "author_association": "OWNER", "pull_request": null, "body": "Stumbled into this while working on `datasette-permissions-sql`. I had granted table permissions, but the permission check wasn't even executed because the user failed the previous `view-database` check.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/832/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"} {"id": 637342551, "node_id": "MDU6SXNzdWU2MzczNDI1NTE=", "number": 834, "title": "startup() plugin hook", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5533512, "label": "Datasette 0.45"}, "comments": 6, "created_at": "2020-06-11T21:48:14Z", "updated_at": "2020-06-28T19:38:50Z", "closed_at": "2020-06-13T17:56:12Z", "author_association": "OWNER", "pull_request": null, "body": "It might be useful to have a `startup` hook which gets passed the `datasette` object as soon as Datasette has finished initializing.\r\n\r\nMy initial use-case for this is configuration verification - checking that the `\"plugins\"` configuration block for this plugin contains valid details.\r\n\r\nI imagine there are plenty of other potential uses for this as well.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/834/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": 
"completed"} {"id": 637370652, "node_id": "MDU6SXNzdWU2MzczNzA2NTI=", "number": 837, "title": "Plugin $env secrets mechanism doesn't work inside lists", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 0, "created_at": "2020-06-11T22:59:54Z", "updated_at": "2020-06-12T00:25:20Z", "closed_at": "2020-06-12T00:25:19Z", "author_association": "OWNER", "pull_request": null, "body": "This didn't work:\r\n```json\r\n{\r\n \"plugins\": {\r\n \"datasette-auth-tokens\": [\r\n {\r\n \"token\": {\r\n \"$env\": \"BOT_TOKEN\"\r\n },\r\n \"actor\": {\r\n \"bot_id\": \"my-bot\"\r\n }\r\n }\r\n ]\r\n }\r\n}\r\n```", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/837/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"} {"id": 637365801, "node_id": "MDU6SXNzdWU2MzczNjU4MDE=", "number": 836, "title": "actor_matches_allow fails to consider all keys", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 0, "created_at": "2020-06-11T22:46:34Z", "updated_at": "2020-06-11T22:47:25Z", "closed_at": "2020-06-11T22:47:25Z", "author_association": "OWNER", "pull_request": null, "body": "actor: `{\"id\": \"root\"}`\r\n\r\nallow block: `{\"bot_id\": \"my-bot\", \"id\": [\"root\"]}`\r\n\r\nThis should pass, because the `id` matches - but it fails.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/836/reactions\", 
\"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"} {"id": 637253789, "node_id": "MDU6SXNzdWU2MzcyNTM3ODk=", "number": 833, "title": "/-/metadata and so on should respect view-instance permission", "user": {"value": 9599, "label": "simonw"}, "state": "closed", "locked": 0, "assignee": null, "milestone": {"value": 5512395, "label": "Datasette 0.44"}, "comments": 4, "created_at": "2020-06-11T19:07:21Z", "updated_at": "2020-06-11T22:15:32Z", "closed_at": "2020-06-11T22:14:59Z", "author_association": "OWNER", "pull_request": null, "body": "The only URLs that should be available without authentication at all times are the `/-/static/` prefix, to allow for HTTP caching.", "repo": {"value": 107914493, "label": "datasette"}, "type": "issue", "active_lock_reason": null, "performed_via_github_app": null, "reactions": "{\"url\": \"https://api.github.com/repos/simonw/datasette/issues/833/reactions\", \"total_count\": 0, \"+1\": 0, \"-1\": 0, \"laugh\": 0, \"hooray\": 0, \"confused\": 0, \"heart\": 0, \"rocket\": 0, \"eyes\": 0}", "draft": null, "state_reason": "completed"}