datasette-apps 0.1a2

Simon Willison · Simon Willison · 2026-06-15

Simon Willison releases datasette-apps 0.1a2, introducing a new apps-set-csp permission to gate custom CSP origins and fixing link-interception and modal display bugs in full-screen mode.

Open original ↗

Appears in

Simon Willison's AI-Augmented Datasette Ecosystem: Agent, Apps, and Plugins

Extraction

Topics: datasettecontent-security-policyopen-sourcerelease-notes

Claims

Custom network and CSP origin configuration for Datasette Apps is now restricted to users holding the new apps-set-csp permission.
Site administrators can configure an allowed_csp_origins allow-list so non-privileged users may select from pre-approved origins.
The Datasette Agent app creation tool enforces the same apps-set-csp permission rules as the manual UI.
Fragment-link navigation inside apps no longer incorrectly triggers the external-link confirmation modal.

Key quotes

Custom network/CSP origins for apps are now guarded by a new apps-set-csp permission, with an optional allowed_csp_origins plugin allow-list for non-privileged users. The Datasette Agent app creation tool enforces the same rules.