Overview

Datasette 1.0a27 introduces modernized CSRF protection using browser headers instead of Django-style tokens, plus new table rename events for better plugin compatibility. The release also includes several API improvements and bug fixes.

View Original

Breaking Changes

  • (1.0a27) Replaced Django-style CSRF form tokens with modern browser header-based CSRF protection

Changes by Version

1.0a27

  • Changed CSRF protection to use modern browser headers instead of Django-style form tokens
  • Added RenameTableEvent fired when tables are renamed during SQLite transactions
  • Added actor parameter for datasette.client methods allowing internal requests as specific actors for automated testing
  • Added Database(is_temp_disk=True) option to resolve intermittent database locked errors
  • Changed upsert API to reject rows with null primary key values
  • Added "ok": true key to database JSON endpoint for API consistency
  • Added call_with_supported_arguments() as documented public API
  • Fixed improved upsert endpoint examples in API explorer