Все Едно Все Едно - 1 year ago 77
Javascript Question

Unable to parse bulk JSON POST request to Kinvey back-end

When I try to parse this JSON:


in a POST request to Kinvey's BAAS, I get the error:

"error": "Unable to parse the JSON in the request"

Here is a screenshot of my back-end (Kinvey).

Here is a screenshot of my request (Postman).

When I send the single entity
it doesn't throw an error and places it in the back-end as it should. Picture here: Kinvey worked

Answer Source

As a security measure, some frameworks won't parse top-level arrays as JSON. Doing so enabled exploits in some older browsers.

The exploit goes something like this:

  1. Write some Javascript that replaces Array with a function that stores its contents to some other variable.

  2. In your malicious site, include a request to some privileged (JSON Array) resource on another server using a <script> tag.

  3. Trick a user with privileges on that server into visiting your site.

The requested resource will be pulled from the benign server, loaded in the user's browser as a script, and evaluated— but the array gets handled by your malicious substitute function, which you can use however you like. A form of cross-site request forgery.


Regarding the question, "how do I upload multiple entities to a Kinvey collection?", the answer is in the Kinvey documentation:

"For bulk upload, see the CSV/JSON import feature on the Kinvey console (navigate to the collection, click Settings, then click Import Data)."