Question

I m 试验<内容安全政策>。基本上,它是一个特别的网页主人,该网页将资源有效的浏览器上列。

某些资源由于中断政策而无效时,Grelease会以json格式向某个国际独立人士协会提交一份报告。

这是一个典型的报告。

array(1) {
  ["csp-report"]=>
  array(4) {
    ["request"]=>
    string(71) "GET http://example.com/?function=detail&id=565 HTTP/1.1"
    ["request-headers"]=>
    string(494) "Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0b10pre) Gecko/20110115 Firefox/4.0b10pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ar,en-us;q=0.8,es;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: UTF-8,*
Keep-Alive: 115
Connection: keep-alive
Referer: http://example.com/index.php?function=search&query=Pata+de+cambio+
Cookie: the cookie
"
    ["blocked-uri"]=>
    string(4) "self"
    ["violated-directive"]=>
    string(30) "inline script base restriction"
  }
}

内容类型为申请/json;果园=UTF-8

Now. I would expect this to be avaliable in $_POST as REQUEST_METHOD==POST but post is always empty. I can access it from php://input, but the question is: Why the request isn t avaliable in $_POST?

我甚至可以使用过滤器——投入,而“RE RequestST”是空洞的。

Answer 1

<代码>_POST a. 提供变量,如上页所示:

POST /some_path HTTP/1.1

myvar=something&secondvar=somethingelse

但是,你重新获得的只是一个有效的问题。也许会看这样的情况:

POST /some_path HTTP/1.1

{ this : is a JSON object , notice : it s not a valid query string }

给你以原始形式的所有东西,因此,我认为这是获得你想要的东西的唯一途径。

Answer 2

如请求作为<代码>POST发出。不一定将其编码为正常的<代码> 申请/x-www-form-urlencoded或 多部分/form-data。如果是>派遣一个JSON机构,那么PHP就不知道如何将其编码。

页: 1 如载有<条码>申请/json 之后,你确实必须读到php:

if (stripos($_SERVER["HTTP_CONTENT_TYPE"], "application/json")===0) {
     $_POST = json_decode(file_get_contents("php://input"));
// or something like that

Answer 3

It can be several of other http request types (I am aware of 7 right now, and several place holders for more to come).
I would print the $_REQUEST and $_SERVER to see how it actually arrives.

友情链接