github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/877#issuecomment-652597975 | https://api.github.com/repos/simonw/datasette/issues/877 | 652597975 | MDEyOklzc3VlQ29tbWVudDY1MjU5Nzk3NQ== | 9599 | 2020-07-01T19:12:15Z | 2020-07-01T19:12:15Z | OWNER | The latest release of https://github.com/simonw/datasette-auth-tokens (0.2) now supports SQL configuration of tokens. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-652520496 | https://api.github.com/repos/simonw/datasette/issues/877 | 652520496 | MDEyOklzc3VlQ29tbWVudDY1MjUyMDQ5Ng== | 9599 | 2020-07-01T16:26:52Z | 2020-07-01T16:26:52Z | OWNER | Tokens get verified by plugins. So far there's only one: https://github.com/simonw/datasette-auth-tokens - which has you hard-coding plugins in a configuration file. I have a issue there to add support for database-backed tokens too: https://github.com/simonw/datasette-auth-tokens/issues/1 | { "total_count": 1, "+1": 1, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-652255960 | https://api.github.com/repos/simonw/datasette/issues/877 | 652255960 | MDEyOklzc3VlQ29tbWVudDY1MjI1NTk2MA== | 3243482 | 2020-07-01T07:52:25Z | 2020-07-01T08:10:00Z | CONTRIBUTOR | I am calling the API from another origin, so injecting CSRF token into templates wouldn't work. EDIT: I'll try the new version, it sounds promising | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-652261382 | https://api.github.com/repos/simonw/datasette/issues/877 | 652261382 | MDEyOklzc3VlQ29tbWVudDY1MjI2MTM4Mg== | 3243482 | 2020-07-01T08:03:17Z | 2020-07-01T08:03:23Z | CONTRIBUTOR | Bearer tokens sound interesting. Where do tokens come from? An auth provider of my choosing? How do they get verified? | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-652182990 | https://api.github.com/repos/simonw/datasette/issues/877 | 652182990 | MDEyOklzc3VlQ29tbWVudDY1MjE4Mjk5MA== | 9599 | 2020-07-01T04:29:38Z | 2020-07-01T04:42:59Z | OWNER | Have you tried the method described here? https://datasette.readthedocs.io/en/latest/internals.html#csrf-protection - I'm happy to bulk out that section of the documentation if that doesn't help solve your problem. I just closed #835 which should make CSRF protection easier to work with - it won't interfere with requests without cookies or requests with `Authentication: Bearer token` tokens. See also https://github.com/simonw/asgi-csrf/issues/11 You can try out `pip install datasette==0.45a5` to get those features. Hopefully releasing a full 0.45 tomorrow. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-652166115 | https://api.github.com/repos/simonw/datasette/issues/877 | 652166115 | MDEyOklzc3VlQ29tbWVudDY1MjE2NjExNQ== | 3243482 | 2020-07-01T03:28:07Z | 2020-07-01T03:28:07Z | CONTRIBUTOR | Does this mean custom routes get to expose endpoints accepting POST requests? I've tried earlier to add some POST endpoints, but requests were being rejected by Datasette due to CSRF | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648421105 |