datasette 1.0a27
Summary
Datasette 1.0a27, an open-source multi-tool for data exploration and publishing, has been released with significant updates. A major change involves moving away from Django-style CSRF form tokens, now utilizing modern browser headers for enhanced security. Additionally, this alpha introduces a new RenameTableEvent, which fires whenever a table is renamed within a SQLite transaction, enabling plugins like datasette-comments to react appropriately. Other notable changes include a new "actor=" parameter for `datasette.client` methods to facilitate internal requests, a `Database(is_temp_disk=True)` option to prevent database locked errors, and the `/-/upsert` API now rejects rows with null primary key values. The `/.json` endpoint also gains an "ok": true key for API consistency.
Key takeaway
For developers building or maintaining Datasette plugins, you should review the new RenameTableEvent to ensure your plugins correctly handle table renames. Additionally, if you are performing internal requests or automated tests, utilize the new "actor=" parameter in `datasette.client` methods for better control and clarity. Be aware that the `/-/upsert` API now strictly rejects null primary key values, requiring adjustments to data insertion logic.
Key insights
Datasette 1.0a27 enhances security and plugin reactivity while refining internal database handling and API consistency.
Principles
- Modern browser headers improve CSRF protection.
- Event-driven architecture aids plugin integration.
In practice
- Use `actor=` for internal Datasette client requests.
- Avoid null primary keys in `/-/upsert` API calls.
Topics
- Datasette
- CSRF Protection
- SQLite Transactions
- Plugin Development
- API Endpoints
Code references
Best for: Software Engineer, Data Engineer, Security Engineer
Related on AIssential
Editorial summary, takeaway, and curation by AIssential. Original article published by Simon Willison's Weblog.