koajs/body-parsers

JSON parsing is too strict for Content-Type

mdvorak opened this issue · 13 comments

request.json() refuses to parse json whenever type is not reqest.is('json'), but that is too strict, since it's absolutely acceptable to have json formatted body with custom media types.

  • I would consider removing this check completely - after all, everyone should perform this check manually anyway. Combined with strict parsing, it will work well.
  • If not, it should be configurable. Either add way to disable it completely, or customize values passed to is().

Workaround is to JSON.parse(yield* this.request.text()).

Thanks

yep i agree. though, really, the issue is with the .is() function. or perhaps i'm using it incorrectly.

@dougwilson ?

are these custom media types using the +json suffix?

It's my understanding that they should carry the +json suffix to be json formatted

For my case, yes, I use +json suffix to specify format, as is good practice. .is() should pick that up, althou it doesn't (so that's another issue). But in any case, it is just good practice to use +json suffix, it is not mandatory. There is nowhere specified, that application/x.cucumber cannot be json formatted, the contract between server and client specifies that. request.json() should not make that decision for you.
Just my opinion.

@jonathanong the issue is that the user does not have the ability to influence the line https://github.com/koajs/body-parsers/blob/master/index.js#L28 , so they have no way to let whatever Content-Type be interpreted as json that they want.

@dougwilson should changing it to +json make it always work?

You can make it ['json', '+json'], but that still won't help someone who wants to use Content-Type: application/x-my-type, especially if they don't have control over it.

I think we need a way to pass an optional type to the json parsing bit then?

yep.

@dougwilson how was making a generic body parsing module? was kind of waiting for that, at least the body reading part.

I would still recommend just removing the check, it is redundant if you follow example from Koala:

switch (this.request.is('json', 'urlencoded', 'multipart', 'image/*')) {
case 'json':
  var body = yield* this.request.json();
  break;
case 'urlencoded':
  var body = yield* this.request.urlencoded();
  break

it means, that the check will be performed for json always twice. And more, if you allow passing an argument, the argument will have to be duplicated for both is and json. Redundancy.
Just consider it. Thanks.

yup i don't see why not. hopefully i'll get to it tonight

Great, thanks!

Great! LGTM.