github
id | node_id | number | title | user | state | locked | assignee | milestone | comments | created_at | updated_at | closed_at | author_association | pull_request | body | repo | type | active_lock_reason | performed_via_github_app | reactions | draft | state_reason |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
629524205 | MDU6SXNzdWU2Mjk1MjQyMDU= | 793 | CSRF protection for /-/messages tool and writable canned queries | 9599 | closed | 0 | 5512395 | 3 | 2020-06-02T21:22:21Z | 2020-06-06T00:43:41Z | 2020-06-05T19:05:59Z | OWNER | > The `/-/messages` debug tool will need CSRF protection or people will be able to add messages using a hidden form on another website. _Originally posted by @simonw in https://github.com/simonw/datasette/issues/790#issuecomment-637790860_ | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/793/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | |||||
631300342 | MDExOlB1bGxSZXF1ZXN0NDI4MjEyNDIx | 798 | CSRF protection | 9599 | closed | 0 | 5512395 | 5 | 2020-06-05T04:22:35Z | 2020-06-06T00:43:41Z | 2020-06-05T19:05:58Z | OWNER | simonw/datasette/pulls/798 | Refs #793 | 107914493 | pull | { "url": "https://api.github.com/repos/simonw/datasette/issues/798/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
0 | ||||
632056825 | MDU6SXNzdWU2MzIwNTY4MjU= | 802 | "datasette plugins" command is broken | 9599 | closed | 0 | 1 | 2020-06-05T23:33:01Z | 2020-06-05T23:46:43Z | 2020-06-05T23:46:43Z | OWNER | I broke it in https://github.com/simonw/datasette/commit/a7137dfe069e5fceca56f78631baebd4a6a19967 - and it turns out there was no test coverage so I didn't realize it was broken. | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/802/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed | ||||||
631789422 | MDU6SXNzdWU2MzE3ODk0MjI= | 799 | TestResponse needs to handle multiple set-cookie headers | 9599 | closed | 0 | 2 | 2020-06-05T17:39:52Z | 2020-06-05T18:34:10Z | 2020-06-05T18:34:10Z | OWNER | Seeing this test failure on #798: ``` _______________________ test_auth_token _______________________ app_client = <tests.fixtures.TestClient object at 0x11285c910> def test_auth_token(app_client): "The /-/auth-token endpoint sets the correct cookie" assert app_client.ds._root_token is not None path = "/-/auth-token?token={}".format(app_client.ds._root_token) response = app_client.get(path, allow_redirects=False,) assert 302 == response.status assert "/" == response.headers["Location"] > assert {"id": "root"} == app_client.ds.unsign(response.cookies["ds_actor"], "actor") E KeyError: 'ds_actor' datasette/tests/test_auth.py:12: KeyError ``` It looks like that's happening because the ASGI middleware is adding another set-cookie header - but those two set-cookie headers are combined into one when the TestResponse is constructed: https://github.com/simonw/datasette/blob/0c064c5fe220b7b3d8dcf85b02b4e60452c47232/tests/fixtures.py#L113-L127 | 107914493 | issue | { "url": "https://api.github.com/repos/simonw/datasette/issues/799/reactions", "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
completed |