Think about CORS

[simonw]

Experimental patch - is this the right approach?

diff --git a/datasette_insert/__init__.py b/datasette_insert/__init__.py
index db10210..159f9d2 100644
--- a/datasette_insert/__init__.py
+++ b/datasette_insert/__init__.py
@@ -14,6 +14,16 @@ async def insert_update(request, datasette):
     table = request.url_vars["table"]
     db = datasette.get_database(database)
 
+    # Handle CORS
+    if request.method == "OPTIONS":
+        r = Response.text("ok")
+        if datasette.cors:
+            r.headers["Access-Control-Allow-Origin"] = "*"
+            r.headers["Access-Control-Allow-Headers"] = "content-type,authorization"
+            r.headers["Access-Control-Allow-Methods"] = "POST"
+        print(r.headers)
+        return r
+
     # Check permissions
     allow_insert_update = False
     allow_create_table = False

[davidbgk]

I confirm that you have to apply that patch to interact with a browser. I also had to set CORS headers to the POST final response otherwise my browser is complaining about that (even if the save/insert is indeed effective):

    r = Response.json({"table_count": table_count})
    if datasette.cors:
        add_cors_headers(r.headers)

    return r

If you want to insert data directly from the browser that looks to be a nice addition!

[davidbgk]

Maybe it could be a dedicated new plugin datasette-insert-web 🤔