skip_csrf(datasette, scope) plugin hook, refs #1377

2025-12-10 16:51:24 +01:00 · 2021-06-23 15:39:52 -07:00 · 2021-06-23 15:39:52 -07:00 · b1fd24ac9f
commit b1fd24ac9f
parent 4a3e8561ab
8 changed files with 68 additions and 1 deletions
--- a/datasette/app.py
+++ b/datasette/app.py
@ -1052,6 +1052,9 @@ class Datasette:
            DatasetteRouter(self, routes),
            signing_secret=self._secret,
            cookie_name="ds_csrftoken",
+            skip_if_scope=lambda scope: any(
+                pm.hook.skip_csrf(datasette=self, scope=scope)
+            ),
        )
        if self.setting("trace_debug"):
            asgi = AsgiTracer(asgi)
--- a/datasette/hookspecs.py
+++ b/datasette/hookspecs.py
@ -112,3 +112,8 @@ def table_actions(datasette, actor, database, table, request):
@hookspec
 def database_actions(datasette, actor, database, request):
    """Links for the database actions menu"""
+
+
+@hookspec
+def skip_csrf(datasette, scope):
+    """Mechanism for skipping CSRF checks for certain requests"""