datasette

mirror of https://github.com/simonw/datasette.git synced 2025-12-10 16:51:24 +01:00

Author	SHA1	Message	Date
Simon Willison	57e812d5de	ds_author cookie can now expire, closes #829 Refs https://github.com/simonw/datasette-auth-github/issues/62#issuecomment-642152076	2020-06-10 12:39:54 -07:00
Simon Willison	9b42e1a4f5	view-database permission Also now using 🔒 to indicate private resources - resources that would not be available to the anonymous user. Refs #811	2020-06-07 20:50:37 -07:00
Simon Willison	abc7339124	Nicer pattern for make_app_client() in tests, closes #395	2020-06-07 14:14:10 -07:00
Simon Willison	966eec7f75	Check permissions on canned query page, refs #800	2020-06-06 12:27:00 -07:00
Simon Willison	070838bfa1	Better test for Vary header	2020-06-06 12:26:19 -07:00
Simon Willison	3f83d4632a	Respect query permissions on database page, refs #800	2020-06-06 12:05:22 -07:00
Simon Willison	84a9c4ff75	CSRF protection (#798 ) Closes #793. * Rename RequestParameters to MultiParams, refs #799 * Allow tuples as well as lists in MultiParams, refs #799 * Use csrftokens when running tests, refs #799 * Use new csrftoken() function, refs https://github.com/simonw/asgi-csrf/issues/7 * Check for Vary: Cookie hedaer, refs https://github.com/simonw/asgi-csrf/issues/8	2020-06-05 12:05:57 -07:00
Simon Willison	9cb44be42f	Docs and tests for "params", closes #797	2020-06-03 14:04:40 -07:00
Simon Willison	aa82d03704	Basic writable canned queries Refs #698. First working version of this feature. * request.post_vars() no longer discards empty values	2020-06-03 08:16:50 -07:00