Thread: Programmatic access to the SQL tab of pgadmin
Hi all,
TL;DR; Can I run pgadmin locally without the CSRF token check?
Longer version:
I would like to retrieve the output of the SQL tab in pgadmin for various resources (tables, views, functions, etc.) programmatically.
I discovered that this might be possible if we send an http request to a running pgadmin address and using a url of the format:
http://localhost:8011/browser/function/sql/1/1/215863/215876/607033
(where the numbers represent the server group id, the server id, the database id, the schema id and the oid of the function)
When I curl to this URL though I get the error that The CSRF token is missing.
I tried running pgadmin in debug mode, setting the csrf headers to an empty list ( PGADMIN_CONFIG_WTF_CSRF_HEADERS=[]), but none of those worked.
Is there any easy way I could retrieve the contents of the SQL tab?
Any help would be greatly appreciated 🙏🙏
Thanks,
Thomas
I don't have any input, but am eager to know if you are able to solve this. I too am very interested in retrieving the DDL info that pgAdmin provides.
If you search the history for this mailing list, I had asked about something similar a month or so ago. Someone had responded with some hints about modules that may reveal the same info.
From: Thomas Kaliakos <tkaliakos@gmail.com>
Sent: Monday, February 21, 2022 7:44:59 AM
To: pgadmin-support@lists.postgresql.org <pgadmin-support@lists.postgresql.org>
Subject: Programmatic access to the SQL tab of pgadmin
Sent: Monday, February 21, 2022 7:44:59 AM
To: pgadmin-support@lists.postgresql.org <pgadmin-support@lists.postgresql.org>
Subject: Programmatic access to the SQL tab of pgadmin
Hi all,
TL;DR; Can I run pgadmin locally without the CSRF token check?
Longer version:
I would like to retrieve the output of the SQL tab in pgadmin for various resources (tables, views, functions, etc.) programmatically.
I discovered that this might be possible if we send an http request to a running pgadmin address and using a url of the format:
http://localhost:8011/browser/function/sql/1/1/215863/215876/607033
(where the numbers represent the server group id, the server id, the database id, the schema id and the oid of the function)
When I curl to this URL though I get the error that The CSRF token is missing.
I tried running pgadmin in debug mode, setting the csrf headers to an empty list ( PGADMIN_CONFIG_WTF_CSRF_HEADERS=[]), but none of those worked.
Is there any easy way I could retrieve the contents of the SQL tab?
Any help would be greatly appreciated 🙏🙏
Thanks,
Thomas
Hi,
On Mon, Feb 21, 2022 at 8:15 PM Thomas Kaliakos <tkaliakos@gmail.com> wrote:
Hi all,
TL;DR; Can I run pgadmin locally without the CSRF token check?
No possible way to bypass CSRF token currently.
Longer version:
I would like to retrieve the output of the SQL tab in pgadmin for various resources (tables, views, functions, etc.) programmatically.
I discovered that this might be possible if we send an http request to a running pgadmin address and using a url of the format:
http://localhost:8011/browser/function/sql/1/1/215863/215876/607033
(where the numbers represent the server group id, the server id, the database id, the schema id and the oid of the function)
When I curl to this URL though I get the error that The CSRF token is missing.
I tried running pgadmin in debug mode, setting the csrf headers to an empty list ( PGADMIN_CONFIG_WTF_CSRF_HEADERS=[]), but none of those worked.
Is there any easy way I could retrieve the contents of the SQL tab?
Any help would be greatly appreciated 🙏🙏
You can create a feature request @ https://redmine.postgresql.org/projects/pgadmin4/issues.
Thanks,
Khushboo