Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Improve application/json POST support
While the code already existed to support "application/json" as a valid content-type for POST requests, this did not do anything useful in practice. So this commit adds the following: - Add automatic decoding of the POST entity into the variable $CGI::json_ref. If this variable exists, it is already guaranteed to be structurally valid. - Conditionally handle "application/json" POST mapping into CGI space, using the new UnpackJSON directive. This means that for the POSTed JSON object we will populate %CGI::values with the keys of that object with the (potentially deep structured) values of the same object. We enable UnpackJSON handling by default, though this value is up for debate. Considering that we already don't (shouldn't) trust CGI values, simply making it easier to have structured data using a JSON request doesn't seem like there are additional security implications. Additionally, by shoving this into CGI space, we already have ITL/tag support for accessing the values of the response, which seem to make this much easier than having redundant UserTags/SystemTags to support inspection of $CGI::json_ref for the common use case.
- Loading branch information