Все Едно Все Едно - 6 months ago 80
Ajax Question

Unable to parse the JSON in the request (AJAX, POSTMAN, REST)

When i try to parse this json

[
{"name":"name1","id":12},
{"name":"name2","id":11},
{"name":"name3","id":111},
{"name":"name4","id":1115}
]


in kinveys baas via postman via POST request, I get the error

{
"error": "Unable to parse the JSON in the request"
}


Here is a screenshot of my back end
Kinvey.com

Here is a screenshot of my POSTMAN
postman

But when I only send
{"name":"name1","id":12}
it doesn't trows and error and it places is in the backend as it should.Picture here:Kinvey worked

Answer

As a security measure, some frameworks won't parse top-level arrays as JSON. Doing so enabled exploits in some older browsers.

The exploit goes something like this:

  1. Write some Javascript that replaces Array with a function that stores its contents to some other variable.

  2. In your malicious site, include a request to some privileged (JSON Array) resource on another server using a <script> tag.

  3. Trick a user with privileges on that server into visiting your site.

The requested resource will be pulled from the benign server, loaded in the user's browser as a script, and evaluated— but the array gets handled by your malicious substitute function, which you can use however you like. A form of cross-site request forgery.