-
-
Notifications
You must be signed in to change notification settings - Fork 693
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
POST to /db/canned-query that returns JSON should be supported (for API clients) #880
Comments
The response from this will never be a 302 - it will always be a 200 if the response worked or a 400 for bad parameters or a 500 for errors. The body returned will always be in JSON format. |
I've been testing the WIP using this in the console: fetch('/data/add_name.json', {
method: 'POST',
body: 'name=XXXfetch',
credentials: 'omit',
headers: {'Content-Type': 'application/x-www-form-urlencoded'}
})
.then(response => console.log(response)) Against a canned query configured like this: databases:
data:
queries:
add_name:
sql: insert into names (name) values (:name)
write: true I haven't got it to work yet. Latest error is this one:
It looks like I'm going to have to rethink how the |
What should happen when something does a POST to an extension that was registered by a plugin, e.g. |
Maybe POST to Could be a |
Is it safe to skip CSRF checks if the incoming request has I'm not sure that matters since |
Answer: no, it's not safe to skip CSRF if there's an |
Relevant code section: datasette/datasette/views/database.py Lines 209 to 232 in 1552ac9
|
I'm going to add support for POST content that is sent as a JSON document, in addition to the existing support for key=value encoded POST bodies. |
I'm going to support several ways of indicating that you would like a JSON response instead of getting a HTTP redirect from your writable canned query submission:
|
The JSON response will look like this: {
"ok": true,
"message": "A message",
"redirect": "/blah"
}
The |
Now that CSRF is solved for API requests (#835) it would be good to support API requests to the
.json
extension.The text was updated successfully, but these errors were encountered: