datasette/tests/plugins
Simon Willison 0b639a8122
Replace token-based CSRF with Sec-Fetch-Site header protection (#2689)
- New CSRF protection middleware inspired by Go 1.25 and research by Filippo Valsorda - https://words.filippo.io/csrf/ - this replaces the old CSRF token based protection.
- Removes all instances of `<input type="hidden" name="csrftoken" value="{{ csrftoken() }}">` in the templates - they are no longer needed.
- Removes the `def skip_csrf(datasette, scope):` plugin hook defined in `datasette/hookspecs.py` and its documentation and tests.
- Updated CSRF protection documentation to describe the new approach.
- Upgrade guide now describes the CSRF change.
2026-04-14 17:11:36 -07:00
messages_output_renderer.py Flash messages mechanism, closes #790 2020-06-02 14:12:18 -07:00
my_plugin.py Replace token-based CSRF with Sec-Fetch-Site header protection (#2689) 2026-04-14 17:11:36 -07:00
my_plugin_2.py Fix startup hook to fire after metadata and schema tables are populated (#2666) 2026-03-16 17:56:40 -07:00
register_output_renderer.py register_output_renderer can now return Response, closes #953 2020-08-27 21:02:50 -07:00
sleep_sql_function.py Remove undocumented sqlite_functions mechanism, closes #1567 2021-12-17 17:54:39 -08:00
view_name.py Refactored test plugins into tests/plugins, closes #775 2020-05-27 17:57:25 -07:00