github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/877#issuecomment-652597975 | https://api.github.com/repos/simonw/datasette/issues/877 | 652597975 | MDEyOklzc3VlQ29tbWVudDY1MjU5Nzk3NQ== | 9599 | 2020-07-01T19:12:15Z | 2020-07-01T19:12:15Z | OWNER | The latest release of https://github.com/simonw/datasette-auth-tokens (0.2) now supports SQL configuration of tokens. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-652520496 | https://api.github.com/repos/simonw/datasette/issues/877 | 652520496 | MDEyOklzc3VlQ29tbWVudDY1MjUyMDQ5Ng== | 9599 | 2020-07-01T16:26:52Z | 2020-07-01T16:26:52Z | OWNER | Tokens get verified by plugins. So far there's only one: https://github.com/simonw/datasette-auth-tokens - which has you hard-coding plugins in a configuration file. I have an issue there to add support for database-backed tokens too: https://github.com/simonw/datasette-auth-tokens/issues/1 | { "total_count": 1, "+1": 1, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-652182990 | https://api.github.com/repos/simonw/datasette/issues/877 | 652182990 | MDEyOklzc3VlQ29tbWVudDY1MjE4Mjk5MA== | 9599 | 2020-07-01T04:29:38Z | 2020-07-01T04:42:59Z | OWNER | Have you tried the method described here? https://datasette.readthedocs.io/en/latest/internals.html#csrf-protection - I'm happy to bulk out that section of the documentation if that doesn't help solve your problem. I just closed #835 which should make CSRF protection easier to work with - it won't interfere with requests without cookies or requests with `Authentication: Bearer token` tokens. See also https://github.com/simonw/asgi-csrf/issues/11 You can try out `pip install datasette==0.45a5` to get those features. Hopefully releasing a full 0.45 tomorrow. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-651984989 | https://api.github.com/repos/simonw/datasette/issues/877 | 651984989 | MDEyOklzc3VlQ29tbWVudDY1MTk4NDk4OQ== | 9599 | 2020-06-30T19:03:25Z | 2020-06-30T19:03:25Z | OWNER | Relevant: #835 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 648421105 | |
https://github.com/simonw/datasette/issues/877#issuecomment-651984355 | https://api.github.com/repos/simonw/datasette/issues/877 | 651984355 | MDEyOklzc3VlQ29tbWVudDY1MTk4NDM1NQ== | 9599 | 2020-06-30T19:02:15Z | 2020-06-30T19:02:15Z | OWNER | https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#login-csrf > Login CSRF can be mitigated by creating pre-sessions (sessions before a user is authenticated) and including tokens in login form. Sounds like regular CSRF protection to me. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } | 648421105 | |