rusackas opened a new pull request, #40630:
URL: https://github.com/apache/superset/pull/40630
### SUMMARY
The SQL Lab results endpoint (`/api/v1/sqllab/results/`) previously accepted
the cached results key — and optional row limit — only as query-string
parameters on a `GET` request, which means the key ends up in URLs.
This PR adds a `POST` variant of the same endpoint that reads the parameters
from a JSON request body instead:
```json
{ "key": "<results-key>", "rows": 100 }
```
- A new `post_results` handler accepts `{ "key": string, "rows": number? }`
(rows optional), validated by a new `SqlLabResultsSchema` marshmallow schema.
- Both the existing `GET` and the new `POST` share a single
`_get_results_response` helper, so behavior is identical. The `POST` method is
bound to the same `can_get_results` permission via
`@permission_name("get_results")`, so no new permission/grant is introduced.
- The **existing `GET` endpoint is retained unchanged** for backward
compatibility.
- The frontend `fetchQueryResults` action now issues a `POST` with the
key/rows in `jsonPayload`, so the key is no longer placed in the query string.
Response handling is unchanged.
No `UPDATING.md` entry is added: the change is purely additive (a new
optional `POST` method; the `GET` is unchanged) and is not
backwards-incompatible, which is what `UPDATING.md` documents.
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
N/A — no UI change.
### TESTING INSTRUCTIONS
- Backend: `pytest
tests/integration_tests/sql_lab/api_tests.py::TestSqlLabApi::test_post_results_matches_get
tests/integration_tests/sql_lab/api_tests.py::TestSqlLabApi::test_post_results_requires_key`
- `test_post_results_matches_get` asserts the `POST` returns the same
payload as the `GET`, honors the optional `rows` limit, and that the `GET`
still works.
- `test_post_results_requires_key` asserts a `POST` with no key returns
`400`.
- Frontend: `cd superset-frontend && npx jest
src/SqlLab/actions/sqlLab.test.ts`
- New test asserts `fetchQueryResults` issues a `POST` with the key in the
request body and not in the URL.
- Manual: run a query in SQL Lab and confirm results still load; the network
request to `/api/v1/sqllab/results/` is a `POST` whose body carries the key.
### ADDITIONAL INFORMATION
- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in
[SIP-59](https://github.com/apache/superset/issues/13351))
- [ ] Migration is atomic, supports rollback & is backwards-compatible
- [ ] Confirm DB migration upgrade and downgrade tested
- [ ] Runtime estimates and downtime expectations provided
- [x] Introduces new feature or API
- [ ] Removes existing feature or API
🤖 Generated with [Claude Code](https://claude.com/claude-code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
