Asked  8 Months ago    Answers:  5   Viewed   37 times

I'm experimenting with Firefox's Content Security Policy. Basically it's a special header for the webpage that tells the browser which resources are valid.

When some resource is invalid because it breaks the policy, Firefox sends a report to a given URI in JSON format.

This is a typical report

array(1) {
  ["csp-report"]=>
  array(4) {
    ["request"]=>
    string(71) "GET http://example.com/?function=detail&id=565 HTTP/1.1"
    ["request-headers"]=>
    string(494) "Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0b10pre) Gecko/20110115 Firefox/4.0b10pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ar,en-us;q=0.8,es;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: UTF-8,*
Keep-Alive: 115
Connection: keep-alive
Referer: http://example.com/index.php?function=search&query=Pata+de+cambio+
Cookie: the cookie
"
    ["blocked-uri"]=>
    string(4) "self"
    ["violated-directive"]=>
    string(30) "inline script base restriction"
  }
}

The content type is application/json; charset=UTF-8

Now, I would expect this to be available in $_POST as REQUEST_METHOD==POST, but $_POST is always empty. I can access it from php://input, but the question is: why isn't the request available in $_POST?

I can't even use filter_input and $_REQUEST is empty...

 Answers

14

$_POST gives you form variables, which show up in the page like this:

POST /some_path HTTP/1.1

myvar=something&secondvar=somethingelse

But what you're getting isn't a valid query string. It probably looks something like this:

POST /some_path HTTP/1.1

{"this":"is a JSON object","notice":"it's not a valid query string"}

php://input gives you everything after the headers in raw form, so in this case I think it's the only way to get what you want.

Wednesday, March 31, 2021
 
TheCarver
answered 8 Months ago
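
A CSP report endpoint built on the php://input approach from the answer above. This is an added example, not code from the thread; it assumes PHP 7.2+, and the names parse_csp_report, csp_log_line and MAX_REPORT_BYTES, along with the size and truncation limits, are hypothetical choices.

```php
<?php
declare(strict_types=1);

// Assumed cap: reports that echo the full request headers can run to a few KB.
const MAX_REPORT_BYTES = 16384;

// Returns the "csp-report" object as an array, or null if the body is not a usable report.
function parse_csp_report(string $contentType, string $rawBody): ?array
{
    // The report above arrived as application/json; the standardized report-uri uses application/csp-report.
    $mediaType = strtolower(trim(explode(';', $contentType)[0]));
    if (!in_array($mediaType, ['application/json', 'application/csp-report'], true)) {
        return null;
    }
    if ($rawBody === '' || strlen($rawBody) > MAX_REPORT_BYTES) {
        return null;
    }
    $decoded = json_decode($rawBody, true);
    if (!is_array($decoded) || !is_array($decoded['csp-report'] ?? null)) {
        return null;
    }
    return $decoded['csp-report'];
}

// Every field is sender-controlled: keep known keys, strip control characters, truncate.
// "request-headers" is skipped on purpose because it carries the visitor's Cookie header.
function csp_log_line(array $report): string
{
    $fields = [];
    foreach (['blocked-uri', 'violated-directive', 'request'] as $key) {
        $value = is_string($report[$key] ?? null) ? $report[$key] : '';
        $value = substr(preg_replace('/[\x00-\x1F\x7F]+/', ' ', $value), 0, 512);
        $fields[] = $key . '=' . json_encode($value, JSON_UNESCAPED_SLASHES | JSON_INVALID_UTF8_SUBSTITUTE);
    }
    return implode(' ', $fields);
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // $_POST is only filled for form-encoded and multipart bodies, so read the raw body.
    $raw = file_get_contents('php://input', false, null, 0, MAX_REPORT_BYTES + 1);
    $report = parse_csp_report($_SERVER['CONTENT_TYPE'] ?? '', $raw === false ? '' : $raw);
    if ($report === null) {
        http_response_code(400);
        exit;
    }
    error_log('csp-report ' . csp_log_line($report));
    http_response_code(204);
}
```

The report URI accepts unauthenticated POSTs from any client, so the size cap, key allow-list and control-character stripping keep a forged report from flooding or injecting lines into the log.
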
100

You have to use headers config sections for headers, not the root level.

return new Client([
    'base_uri' => env('API_HOST'),
    'headers' => [
        'Accept' => 'application/json',
        'Authorization' => 'Bearer ' . $token,
        'Content-Type' => 'application/json',
    ],
]);

Saturday, May 29, 2021
 
SubniC
answered 5 Months ago
88

That's not how you send a file in Postman. What you did was send a string which is the path of your image, nothing more.

What you should do is:

  1. After setting the request method to POST, click the 'body' tab.
  2. Select form-data. On the first line, you'll see text boxes named key and value. Write 'image' as the key. You'll see the value type, which is set to 'text' by default. Make it File and upload your file.
  3. Then select 'raw' and paste your JSON file. Also, just next to the binary choice, you'll see 'Text' is selected. Make it JSON.


You're ready to go.

In your Django view,

import json

from django.http import HttpResponse
from rest_framework.views import APIView
from rest_framework.parsers import MultiPartParser
from rest_framework.decorators import parser_classes

@parser_classes((MultiPartParser, ))
class UploadFileAndJson(APIView):

    def post(self, request, format=None):
        # Uploaded file part and the JSON string sent alongside it
        thumbnail = request.FILES["file"]
        info = json.loads(request.data['info'])
        ...
        return HttpResponse()

Saturday, June 12, 2021
 
Saurabh
answered 5 Months ago
79

The Bootstrap form-control class gets a fixed height by default. Just add height: auto; to your .join-form selector (to keep flexibility), and change the padding to get the original effect, like this: padding: 14px 20px;

See here: http://jsfiddle.net/x78Bh/

Thursday, August 12, 2021
 
Chvanikoff
answered 3 Months ago
99

Debugging suggestion:

Check the output of json_last_error(). It should give you an exact reason why it doesn't work. Available from PHP 5.3.0 only, though.

The reason:

JSONP is not identical with JSON. It contains extra data that breaks json_decode().

Solution:

Remove the extra brackets using substr($AVDecode, 1, strlen($AVDecode)-2)

Friday, October 22, 2021
 
Zed
answered 6 Days ago