
issue_comments


5 rows where issue = 631300342 sorted by updated_at descending

id html_url issue_url node_id user created_at updated_at ▲ author_association body reactions issue performed_via_github_app
639712835 https://github.com/simonw/datasette/pull/798#issuecomment-639712835 https://api.github.com/repos/simonw/datasette/issues/798 MDEyOklzc3VlQ29tbWVudDYzOTcxMjgzNQ== simonw 9599 2020-06-05T18:53:32Z 2020-06-05T18:53:32Z OWNER

Add unit tests illustrating the Vary: Cookie header and I'm done here.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
CSRF protection 631300342  
639685550 https://github.com/simonw/datasette/pull/798#issuecomment-639685550 https://api.github.com/repos/simonw/datasette/issues/798 MDEyOklzc3VlQ29tbWVudDYzOTY4NTU1MA== simonw 9599 2020-06-05T18:20:34Z 2020-06-05T18:20:34Z OWNER

I'm solving the compatibility with caching problem in this ticket: https://github.com/simonw/asgi-csrf/issues/7

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
CSRF protection 631300342  
639269994 https://github.com/simonw/datasette/pull/798#issuecomment-639269994 https://api.github.com/repos/simonw/datasette/issues/798 MDEyOklzc3VlQ29tbWVudDYzOTI2OTk5NA== simonw 9599 2020-06-05T05:36:35Z 2020-06-05T05:38:25Z OWNER

Django docs on CSRF and caching: https://docs.djangoproject.com/en/3.0/ref/csrf/#caching

If the csrf_token template tag is used by a template (or the get_token function is called some other way), CsrfViewMiddleware will add a cookie and a Vary: Cookie header to the response. This means that the middleware will play well with the cache middleware if it is used as instructed

So the cookie is only set for pages that included a hidden csrftoken form field! This could work.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
CSRF protection 631300342  
639269559 https://github.com/simonw/datasette/pull/798#issuecomment-639269559 https://api.github.com/repos/simonw/datasette/issues/798 MDEyOklzc3VlQ29tbWVudDYzOTI2OTU1OQ== simonw 9599 2020-06-05T05:34:56Z 2020-06-05T05:35:23Z OWNER

I don't want to set a cookie on a page response that is being cached.

Right now the ASGI middleware will be doing exactly that, which is bad.

But how do I get certainty that when you load a page with a form that will be CSRF protected you have been served the cookie?

Maybe those pages should do something explicit to the request object indicating that the cookie is needed?

That works for Datasette (since it has mutable request objects) but I'm not sure how it would work in the asgi-csrf pure ASGI middleware context.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
CSRF protection 631300342  
639249743 https://github.com/simonw/datasette/pull/798#issuecomment-639249743 https://api.github.com/repos/simonw/datasette/issues/798 MDEyOklzc3VlQ29tbWVudDYzOTI0OTc0Mw== simonw 9599 2020-06-05T04:23:01Z 2020-06-05T04:23:01Z OWNER

Needs unit tests.

More importantly: needs very, very careful consideration of how this plays with HTTP caching.

{
    "total_count": 0,
    "+1": 0,
    "-1": 0,
    "laugh": 0,
    "hooray": 0,
    "confused": 0,
    "heart": 0,
    "rocket": 0,
    "eyes": 0
}
CSRF protection 631300342  


CREATE TABLE [issue_comments] (
   [html_url] TEXT,
   [issue_url] TEXT,
   [id] INTEGER PRIMARY KEY,
   [node_id] TEXT,
   [user] INTEGER REFERENCES [users]([id]),
   [created_at] TEXT,
   [updated_at] TEXT,
   [author_association] TEXT,
   [body] TEXT,
   [reactions] TEXT,
   [issue] INTEGER REFERENCES [issues]([id])
, [performed_via_github_app] TEXT);
CREATE INDEX [idx_issue_comments_issue]
                ON [issue_comments] ([issue]);
CREATE INDEX [idx_issue_comments_user]
                ON [issue_comments] ([user]);
Powered by Datasette · Queries took 22.975ms · About: github-to-sqlite