mirror of
https://github.com/simonw/datasette.git
synced 2026-07-09 17:14:35 +02:00
The default forbidden() hook previously rendered an HTML error page even for .json requests. It now returns the canonical JSON error shape with status 403 when the request path ends in .json or the request sends an Accept: application/json or Content-Type: application/json header. HTML requests still get the error page. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01GrHZSypDfMnym1tM5XJAFZ
29 lines
919 B
Python
29 lines
919 B
Python
from datasette import hookimpl, Response
|
|
from .utils import add_cors_headers, error_body
|
|
|
|
|
|
@hookimpl(trylast=True)
|
|
def forbidden(datasette, request, message):
|
|
async def inner():
|
|
if (
|
|
request.path.split("?")[0].endswith(".json")
|
|
or "application/json" in (request.headers.get("accept") or "")
|
|
or request.headers.get("content-type") == "application/json"
|
|
):
|
|
headers = {}
|
|
if datasette.cors:
|
|
add_cors_headers(headers)
|
|
return Response.json(error_body(message, 403), status=403, headers=headers)
|
|
return Response.html(
|
|
await datasette.render_template(
|
|
"error.html",
|
|
{
|
|
"title": "Forbidden",
|
|
"error": message,
|
|
},
|
|
request=request,
|
|
),
|
|
status=403,
|
|
)
|
|
|
|
return inner
|