bhollis/jsonview

Parsing JSON with CSRF protection

Closed this issue · 2 comments

Hey,

I love this tool, but sometimes it fails to parse the content if it is prefixed with some characters helping to protect against CSRF.
In my case it's usually this - )]}',.

I saw the contribution guidelines a bit late, so I went ahead and implemented something that does the job (master...mikechernev:parse-json-with-csrf-protection), but I won't open a PR unless you confirm that this is functionality that you want.

Please let me know what you think and again - great job on the tool!

Cheers,
Mike

Thanks for the report! Unfortunately I don’t think this is functionality I want to have in JSONView, since adding those characters makes the document not real JSON anymore. There are also other effective ways to prevent cross site request forgery.

I see your point, but this is becoming increasingly popular, to the point where some frameworks include this automagically in the JSON response. Even Google use this on some of their API responses.
(I got some good insights from here - https://stackoverflow.com/questions/6572295/what-kind-of-json-answer-starts-with).

My point is that even though the JSON is technically not valid, it's only a preventative measure and the underlying content is actually valid JSON. IMHO a feature like this will improve the usability of the extension.
Just for reference, tools like Postman have something similar already implemented and handle these responses as valid JSON.
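
The prefix handling discussed in this thread, as an added example that is not part of the original posts and is not JSONView's or the linked branch's code: a tolerant parser that tries strict JSON first, strips a known protective prefix only if that fails, and reports which prefix it removed so a viewer can flag that the document was not strict JSON. Only `)]}',` comes from the thread; the other prefixes and all function names are assumptions added for illustration.

```javascript
// Added example. Known protective prefixes, longest variant first so that
// ")]}'," wins over ")]}'". Only ")]}'," appears in the thread; the others
// are assumptions covering other commonly seen variants.
const PROTECTIVE_PREFIXES = [")]}',", ")]}'", "while(1);", "for(;;);", "{}&&"];

// Return the matched prefix (or null) and the text that follows it.
function stripProtectivePrefix(text) {
  const trimmed = text.trimStart(); // also drops a leading BOM
  for (const prefix of PROTECTIVE_PREFIXES) {
    if (trimmed.startsWith(prefix)) {
      return { prefix, json: trimmed.slice(prefix.length) };
    }
  }
  return { prefix: null, json: trimmed };
}

// Parse a response body that may carry a protective prefix.
// Returns { prefix, value }; prefix is null when the body was strict JSON.
function parseGuardedJson(text) {
  // Strict JSON first: never modify a document that already parses.
  try {
    return { prefix: null, value: JSON.parse(text) };
  } catch (_) {
    // Fall through to the prefix check.
  }
  const { prefix, json } = stripProtectivePrefix(text);
  if (prefix === null) {
    throw new SyntaxError("Not JSON and no known protective prefix");
  }
  // Throws SyntaxError if what follows the prefix is not valid JSON,
  // so arbitrary text after a prefix is still rejected.
  return { prefix, value: JSON.parse(json) };
}

// Constructed sample bodies.
const guarded = ")]}',\n{\"user\":\"mike\",\"roles\":[\"dev\"]}";
const plain = "{\"user\":\"mike\"}";
console.log(parseGuardedJson(guarded)); // prefix reported, value parsed
console.log(parseGuardedJson(plain));   // prefix is null
```
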