issue_comments: 646214158

This data as json

html_url issue_url id node_id user created_at updated_at author_association body reactions issue performed_via_github_app
https://github.com/simonw/datasette/issues/835#issuecomment-646214158 https://api.github.com/repos/simonw/datasette/issues/835 646214158 MDEyOklzc3VlQ29tbWVudDY0NjIxNDE1OA== 9599 2020-06-18T17:48:45Z 2020-06-18T17:48:45Z OWNER

I wonder if it's safe to generically say "Don't do CSRF protection on any request that includes a Authorization: Bearer... header - because it's not possible for a regular browser to send that header since the format is different from the header used in browser-based HTTP basic auth?

 
{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
 637363686