Skip to content

D1 changelog read permission fix #19742

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Feb 5, 2025
Merged

D1 changelog read permission fix #19742

Changes from 3 commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
74b2a0e
D1 changelog read permission fix
vy-ton Feb 4, 2025
f6357bf
Update d1.yaml
vy-ton Feb 4, 2025
4b9be3a
clarify UI behavior
vy-ton Feb 4, 2025
a964dd9
Update src/content/changelogs/d1.yaml
Oxyjun Feb 5, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 7 additions & 0 deletions src/content/changelogs/d1.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,13 @@ productLink: "/d1/"
productArea: Developer platform
productAreaLink: /workers/platform/changelog/platform/
entries:
- publish_date: "2025-02-04"
title: Fixed bug with D1 read-only access via UI and /query REST API.
description: |-
A bug with D1 permissions, which allowed users with read-only roles via the UI and users with read-only API tokens via the `/query` [REST API](/api/resources/d1/subresources/database/methods/query/) to execute queries that modified databases, is fixed. UI actions via the `Tables` tab, such as creating and deleting tables, were incorrectly allowed with read-only access. However, UI actions via the `Console` tab were not affected by this bug and correctly required write access.
Copy link
Contributor Author

@vy-ton vy-ton Feb 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rozenmd Does wrangler use the CF role? If yes, would wrangler have been impacted by this bug

Copy link
Contributor

@joshthoward joshthoward Feb 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wrangler would have also been impacted here since they have user scoped tokens.

Copy link
Contributor Author

@vy-ton vy-ton Feb 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

wranger user scoped tokens are not the same as API tokens though right?

Copy link
Contributor

@rozenmd rozenmd Feb 4, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think wrangler explicitly asks for everything in edit mode, so not an issue


Write queries with read-only access will now fail. If you relied on the previous incorrect behavior, please assign the correct roles to users or permissions to API tokens to perform D1 write queries.

- publish_date: "2025-01-13"
title: D1 will begin enforcing its free tier limits from the 10th of February 2025.
description: |-
Expand Down
Loading