AI · Simon Willison · 3h ago

datasette 1.0a27

TL;DR: Datasette alpha drops Django-style CSRF tokens for modern browser security headers.

Why it matters: Simpler security implementation reduces attack surface for data publishing tools.

Release: datasette 1.0a27

Two major changes in this new Datasette alpha. I covered the first of those in detail yesterday - Datasette no longer uses Django-style CSRF form tokens, instead using modern browser headers as described by Filippo Valsorda. The second big change is…

Source: Simon Willison