use sqlite-http in datasette(failed)

[HaveF]

Hi, there :D

I use datasette install datasette-sqlite-http install it, and also sure it is installed by datasette plugins --all, my datasette version is 0.64.3.

    {
        "name": "datasette-sqlite-http",
        "static": false,
        "templates": false,
        "version": "0.1.1",
        "hooks": [
            "prepare_connection"
        ]
    },

When I run a simple query on the page like

select
  name,
  value
from
  http_headers_each(http_get_headers('https://api.github.com/'))
where
  name like 'X-%';

It throw error: no such function: http_get_headers

ERROR: conn=<sqlite3.Connection object at 0x10c91f880>, sql = "explain select\r\n  name,\r\n  value\r\nfrom\r\n  http_headers_each(http_get_headers('https://api.github.com/'))\r\nwhere\r\n  name like 'X-%'", params = {}: no such function: http_get_headers
ERROR: conn=<sqlite3.Connection object at 0x10c91f880>, sql = "select\r\n  name,\r\n  value\r\nfrom\r\n  http_headers_each(http_get_headers('https://api.github.com/'))\r\nwhere\r\n  name like 'X-%';", params = {}: no such function: http_get_headers

What I missed?

Thanks!

Btw, the link to datasette seems not exist https://datasette.io/plugins/datasette-sqlite-http

[asg017]

My apologies, I haven't put up the documentation for datasette-sqlite-http yet. By default the Datasette version of sqlite-http disables any functions that make HTTP requests, for security reasons. If you have SQL functions that make arbitrary SQL functions on a public Datasette instance, people can abuse it to DDOS other websites. This includes http_get_headers()

However, if your Datasette instance is private, you can (unsafely) re-enable those functions with the following configuration in your metadata.json / metadata.yaml:

{
  "plugins": {
    "datasette-sqlite-http": {
      "UNSAFE_allow_http_requests": true
    }
  }
}

[HaveF]

Hi, Alex, Great! It works, thanks for your help! ❤️