WordPress.org

Make WordPress Core

Opened 5 months ago

Closed 4 months ago

#39150 closed defect (bug) (fixed)

Empty JSON Payload Causes rest_invalid_json

Reported by: GamerZ Owned by: jnylen0
Milestone: 4.7.1 Priority: normal
Severity: normal Version: 4.7
Component: REST API Keywords: has-patch has-unit-tests commit fixed-major
Focuses: Cc:

Description

The rest_invalid_json error was introduced in #38547 which is meant to detect defect json in body. However, if a empty body is used, this is marked as invalid as well.

There are scenarios where empty body are used especially when deleting an item.

For example calling a DELETE method on a custom endpoint like the below means deleting the ID 1 from the item resource. There is no need to pass in any unnecessary body content.

DELETE /wp-json/custom-endppint/item/1

Attachments (1)

39150.diff (1.7 KB) - added by JPry 5 months ago.
Fix + tests

Download all attachments as: .zip

Change History (19)

This ticket was mentioned in Slack in #core by jnylen. View the logs.


5 months ago

#2 @jnylen0
5 months ago

#39166 was marked as a duplicate.

#3 @jnylen0
5 months ago

Hi @GamerZ, thanks for reporting this. @peterigz seems to have reported the same issue in #39166.

From the relevant code it looks like this only happens if you send Content-Type: application/json. Is it an option for either of you to omit this header from your requests?

#4 @peterigz
5 months ago

Thanks for looking. I'm using https://github.com/woocommerce/wc-api-php, see here the relevent headers being generated: https://github.com/woocommerce/wc-api-php/blob/master/src/WooCommerce/HttpClient/HttpClient.php#L186

Maybe I should raise the issue over there?

#5 @jnylen0
5 months ago

Yes, that would be good.

@JPry
5 months ago

Fix + tests

#6 @JPry
5 months ago

  • Keywords has-patch has-unit-tests added

#7 @GamerZ
5 months ago

@jnylen0 changing the Content-Type header will work but it feels like it is not the right way of doing it.

For the company I work at, our Content-Type defaults to application/json for most requests.

#8 @jnylen0
5 months ago

  • Milestone changed from Awaiting Review to 4.7.1
  • Owner set to jnylen0
  • Status changed from new to accepted

Discussed a bit in Slack, technically the empty string is not valid JSON but this was a backwards compatibility break so we'll fix it in core.

#9 @GamerZ
5 months ago

Awesome thanks @jnylen0 !

#10 @mikejolley
5 months ago

Thanks for patching @jnylen0. I use Insomnia client on Mac and that triggers it if you leave JSON selected as content type. https://dl.dropboxusercontent.com/s/lu8ftrfxwaa94ks/2016-12-08%20at%2010.19.png Glad it wasn't just me :)

This ticket was mentioned in Slack in #core by jeffpaul. View the logs.


5 months ago

#12 @boonebgorges
5 months ago

I just ran into this as well, in my case with a GET request.

I defer to the API team on this, but I wonder if a narrower fix might be to skip body parsing (or allow empty body) for methods that don't specifically support a message-body. This seems like it would jibe better with RFC 2616, which says that servers should ignore the body for these request types. https://tools.ietf.org/html/rfc2616#section-4.3

#13 @jnylen0
5 months ago

I defer to the API team on this, but I wonder if a narrower fix might be to skip body parsing (or allow empty body) for methods that don't specifically support a message-body.

I'm not opposed to it, but @boonebgorges let's do that in a separate ticket.

The issue being discussed here was introduced in 4.7; the change you're proposing would date back to 4.4.

Edit: Also, this wouldn't fix the issue reported here for POST and other methods that do support a body.

Last edited 5 months ago by jnylen0 (previous) (diff)

#14 @pento
5 months ago

  • Keywords commit added

#15 @jnylen0
5 months ago

  • Resolution set to fixed
  • Status changed from accepted to closed

In 39594:

REST API: Do not error on empty JSON body

It's fairly common for clients to send Content-Type: application/json with an
empty body. While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.

Props JPry.
Fixes #39150.

#16 @jnylen0
5 months ago

  • Keywords fixed-major added
  • Resolution fixed deleted
  • Status changed from closed to reopened

Needs to be ported to 4.7 branch.

#17 @jnylen0
5 months ago

#39284 was marked as a duplicate.

#18 @dd32
4 months ago

  • Resolution set to fixed
  • Status changed from reopened to closed

In 39609:

REST API: Do not error on empty JSON body

It's fairly common for clients to send Content-Type: application/json with an
empty body. While technically not valid JSON, we've historically supported
this behaviour, so it shouldn't cause an error.

Props JPry, jnylen0.
Merges [39594] to the 4.7 branch.
Fixes #39150.

Note: See TracTickets for help on using tickets.