Ajax Response Json data, are not always valid - json

My website is using ajax calls to add products to cart. Each time a customer presses "Add to Cart" button, there's an ajax request called. The Json data response is sometimes not valid or not formed correctly.
Using firefox developer tools, here's the response data in both ways:
Normal json response:
Not valid json data response:
1) What kind of issue is this?
2) Why is this happening in some cases and not other cases? Could it be the data itself causing this?
3) Possible solutions to this?

In general there are two possible cases where browser can't parse JSON data:
Wrong Content-Type header
Malformed JSON string
In your case, as it sometimes works and sometimes doesn't it's probably the second one. There must be some characters in your response that are escaped in your server side code which are not valid in browser. All server side language have options when converting objects to JSON strings. you can check the invalid response in a JSON linter like https://jsonlint.com/ to see which part causes the problem then search for options to disable this behaviour in your server side code.

1) What kind of issue is this?
Server side issue.
2) Why is this happening in some cases and not other cases?
Bad logic in the server side backend code.
Could it be the data itself causing this?
No
3) Possible solutions to this?
Fix the server side code's logic.

You should check if the datatype of your Ajax function is JSON and you should check your server side code, perhaps the response is not well formatted.

the problem in you post parameters sometimes sending value or sometimes not check the code of javascript and server code as well for validation.

Related

Pentaho HTTP Post using JSON

I'm brand new to Pentaho and I'm trying to do the following workflow:
read a bunch of lines out of a DB
do some transformations
POST them to a REST web service in JSON
I've got the first two figured out using an input step and the Json Output step.
However I have two problems doing the final step:
1) I can't get the JSON formatted how I want. It insists on doing {""=[{...}]} when I just want {...}. This isn't a big deal - I can work around this since I have control over the web service and I could relax the input requirements a bit. (Note: this page http://wiki.pentaho.com/display/EAI/JSON+output gives an example for the output I want by setting no. rows in a block=1 and an empty JSON block name, but it doesn't work as advertised.)
2) This is the critical one. I can't get the data to POST as JSON. It posts as key=value, where the key is the name I specify in the HTTP Post field name (on the 'Fields' tab) and the value is the encoded JSON. I just want to post the JSON as the request body. I've tried googling on this but can't find anyone else doing it, leading me to believe that I'm just approaching this wrong. Any pointers in the right direction?
Edit: I'm comfortable scripting (in Javascript or another language) but when I tried to use XmlHttpRequest in a custom javascript snippet I got an error that XmlHttpRequest is not defined.
Thanks!
This was trivial...just needed to use the REST Client (http://wiki.pentaho.com/display/EAI/Rest+Client) instead of the HTTP Post task. Somehow all my googling didn't discover that, so I'll leave this answer here in case someone else has the same problem as me.
You need to parse the JSON using a Modified JavaScript step. e.g. if the Output Value from the JSON Output is called result and its contents are {"data"=[{...}]}, you should call var plainJSON = JSON.stringify(JSON.parse(result).data[0]) to get the JSON.
In the HTTP Post step, the Request entity field should be plainJSON. Also, don't forget to add a header for Content-Type as application/json (you might have to add that as a constant)

Django cannot parse POST parameters of WSGIRequest on Internal Server Errors

I'm using Django REST Framework and all the API calls come from Android and iOS apps. The system works perfectly most of the time, however, when an internal server error happens and I get an email from Django, the POST of the WSGIRequest contains <could not parse> instead of the actual posted JSON data (even though 'CONTENT_TYPE': 'application/json' is also in the header, and the data is sent as JSON).
This is really annoying, as it would be great to see the request body that actually causes the error, not just the stacktrace.
The <could not parse> part is very similar to this question (in the ModPythonRequest part): django request.POST contains <could not parse>, except the actual problem is slightly different. Also the reference link in that question (https://stackoverflow.com/questions/12471661/mod-python-could-not-parse-the-django-post-request-for-blackberry-and-some-andro) seems to have gone down, even though the name looked very promising.
I'm on Django 1.6.2 and DRF 2.3.13.
The POST dictionary of the WSGIRequest is always going to be invalid, because it is intended to hold the parsed form data when the Content-Type is application/x-www-form-urlencoded or multipart/form-data.
The data you want is in the body attribute of the WSGIRequest object, which isn't output when that object is converted to a string to be written to the log.
When using Django REST framework, you will typically want to access request.DATA (which will handle whatever formats you have parsers configured for - defaulting to form content and JSON) instead of Django's standard request.POST, which will only handle form encoded data.

Direct POST into URL not working?

I am trying to contact an API by posting the parameters in the URL. I am unsure whether it will respond in XML or JSON, but it is one of the two, however, it says there is an error.
This is an example of what I'm submitting. I am receiving this in response:
This page contains the following errors:
error on line 1 at column 1: Document is empty
Below is a rendering of the page up to the first error.
I do not know what is going on... I followed the syntax of the POST I believe, my only remaining question about the syntax would be whether the ? is in the right spot. The page API does work when I POST using PHP...
Or maybe it is working, the browser just isn't capable of understanding an XML or JSON response? (I'm using chrome so I do not think this is the issue)
Otherwise, if anyone has any insight on this, I'd be greatful
A different browser yields this error:
XML Parsing Error: syntax error
Location:
Line Number 1, Column 1:Array
^
While the syntax of the URL does seem to be fine, you imply that the API expects the parameters in POST. Adding them to the actual URL means the parameters are passed in GET, rather than POST.
You could try to test this by making a little HTML form containing all the relevant parameters and passing them to this API via POST, and see if that gives you the expected result.
your issue is how their being sent to the api it should be url-encoded
http://api.example.com/api/?apikey=asdfa23462=example&ip=208.74.76.5
should be
http://api.example.com/api/?apikey=asdfa23462&=example&ip=208.74.76.5
also another issue i see is that you have ?apikey=asdfasfsdafsd&=example
the =example could well be the issue all together.
just some thoughts from what i see.

How can I post JSON data in a way that results in a full page load?

I can already use jQuery.post to send JSON data to the server, but I can't find a way to have the response replace my current page just as a regular old POST would when using plain HTML.
The only way I know right now to come close is to create a dummy form, add the JSON data as a value, then trigger submit. This seems like a big hack and also requires the server side to know where to look for this value (whereas it automatically detects JSON when jQuery sends it).
Please tell me there's a better way!
Example desired usage (note that I don't want the data encoded in the URL):
magic_load_page('/page', {'foo':'bar', 'list':[1,4,9,16]}); // uses POST request

Is this a valid JSON response?

G'day gurus,
I'm calling the REST APIs of an enterprise application that shall remain nameless, and they return JSON such as the following:
throw 'allowIllegalResourceCall is false.';
{
"data": ... loads of valid JSON stuff here ...
}
Is this actually valid JSON? If (as I suspect) it isn't, is there any compelling reason for these kinds of shenanigans?
The response I received from the application vendor is that this is done for security purposes, but I'm struggling to understand how this improves security much, if at all.
Thanks in advance!
Peter
According to
http://jsonlint.com/
It is not.
Something like the below is.
{
"data": "test"
}
Are they expecting you to pull the JSon load out of the message above?
Its not a JSON format at all. From your question it seems you are working with enterprise systems like JIVE :). I am also facing same issue with JIVE api. This is the problem with their V3 API. Not standard , but following thing worked for me. (I am not sure if you are talking about JIVE or not)
//invalid jason response... https://developers.jivesoftware.com/community/thread/2153
jiveResponse = jiveResponse.Replace
("throw 'allowIllegalResourceCall is false.';",String.Empty);
There is a valid reason for this: it protects against CSRF attacks. If you include a JSON url as the target of a <script> tag, then the same-origin policy doesn't apply. This means that a malicious site can include the URL of a JSON API, and any authenticated users will successfully request that data.
By appropriately overriding Object.prototype and/or Array.prototype, the malicious site can get any data parsed as an object literal or array literal (and all valid JSON is also valid javascript). The throw statement protects against this by making it impossible to parse javascript included on a page via <script> tags.
Definitely NOT valid JSON. Maybe there's an error in the implementation that is mixing some kind of debug output with the correct output?
And, by no means this is for security reasons. Seems to me this is a plain bug.
throw 'allowIllegalResourceCall is false.'; is certainly not valid JSON.
What MIME type is reported?
It seems they have added that line to prevent JSON Hijacking. Something like that line is required to prevent JSON Hijacking only if you return a JSON array. But they may have added that line above all of their JSON responses for easier implementation.
Before using it, you have to strip out the first line, and then parse the remaining as JSON.