github
html_url | issue_url | id | node_id | user | created_at | updated_at | author_association | body | reactions | issue | performed_via_github_app |
---|---|---|---|---|---|---|---|---|---|---|---|
https://github.com/simonw/datasette/issues/880#issuecomment-692324230 | https://api.github.com/repos/simonw/datasette/issues/880 | 692324230 | MDEyOklzc3VlQ29tbWVudDY5MjMyNDIzMA== | 9599 | 2020-09-14T21:28:15Z | 2020-09-14T21:28:21Z | OWNER | Documentation here: https://docs.datasette.io/en/latest/sql_queries.html#json-api-for-writable-canned-queries | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 | |
https://github.com/simonw/datasette/issues/880#issuecomment-692299770 | https://api.github.com/repos/simonw/datasette/issues/880 | 692299770 | MDEyOklzc3VlQ29tbWVudDY5MjI5OTc3MA== | 9599 | 2020-09-14T20:36:40Z | 2020-09-14T20:36:40Z | OWNER | The JSON response will look like this: ```json { "ok": true, "message": "A message", "redirect": "/blah" } ``` `"ok"` will be `true` if everything went right and `false` if there was an error. The `"message"` and `"redirect"` will be whatever was configured using the on_success_message - the message shown `on_success_message`, `on_success_redirect`, `on_error_message` and `on_error_redirect` settings, see https://docs.datasette.io/en/stable/sql_queries.html#writable-canned-queries | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 | |
https://github.com/simonw/datasette/issues/880#issuecomment-692298011 | https://api.github.com/repos/simonw/datasette/issues/880 | 692298011 | MDEyOklzc3VlQ29tbWVudDY5MjI5ODAxMQ== | 9599 | 2020-09-14T20:33:13Z | 2020-09-14T20:33:13Z | OWNER | I'm going to support several ways of indicating that you would like a JSON response instead of getting a HTTP redirect from your writable canned query submission: - Use the `Accept: application/json` request header - Include `?_json=1` in the request query string - Include `"_json": 1` in the form submission (or the JSON body submission) | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 | |
https://github.com/simonw/datasette/issues/880#issuecomment-692272860 | https://api.github.com/repos/simonw/datasette/issues/880 | 692272860 | MDEyOklzc3VlQ29tbWVudDY5MjI3Mjg2MA== | 9599 | 2020-09-14T19:43:47Z | 2020-09-14T19:43:47Z | OWNER | I'm going to add support for POST content that is sent as a JSON document, in addition to the existing support for key=value encoded POST bodies. | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 | |
https://github.com/simonw/datasette/issues/880#issuecomment-692271804 | https://api.github.com/repos/simonw/datasette/issues/880 | 692271804 | MDEyOklzc3VlQ29tbWVudDY5MjI3MTgwNA== | 9599 | 2020-09-14T19:41:37Z | 2020-09-14T19:41:37Z | OWNER | Relevant code section: https://github.com/simonw/datasette/blob/1552ac931e4d2cf516caac3ceeab4fd24da1510a/datasette/views/database.py#L209-L232 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 | |
https://github.com/simonw/datasette/issues/880#issuecomment-691785692 | https://api.github.com/repos/simonw/datasette/issues/880 | 691785692 | MDEyOklzc3VlQ29tbWVudDY5MTc4NTY5Mg== | 9599 | 2020-09-14T03:10:11Z | 2020-09-14T03:10:11Z | OWNER | Answer: no, it's [not safe](https://twitter.com/glenathan/status/1305081266065244162) to skip CSRF if there's an `Accept: application/json` header because of a nasty old `crossdomain.xml` Flash vulnerability: https://blog.appsecco.com/exploiting-csrf-on-json-endpoints-with-flash-and-redirects-681d4ad6b31b?gi=a5ee3d7a8235 | { "total_count": 0, "+1": 0, "-1": 0, "laugh": 0, "hooray": 0, "confused": 0, "heart": 0, "rocket": 0, "eyes": 0 } |
648637666 |