php：//输入<> $ _ POST？ [英] php://input <> $_POST?

问题描述

我正在试验Firefox的内容安全政策。基本上它是一个特殊的页眉，告诉浏览器哪些资源是有效的。

当某些资源因为违反策略而无效时，Firefox会将报告发送给给定的URI以json格式。

这是一个典型的报告

 数组（1）{
 [csp-report] => 
 array（4）{
 [request] => 
 string（71）GET http://example.com/?function=detail&id=565 HTTP / 1.1
 [request-headers] => 
 string（494）Host：example.com 
用户代理：Mozilla / 5.0（Windows NT 5.1; rv：2.0b10pre）Gecko / 20110115 Firefox / 4.0b10pre 
 Accept：text / html，application / xhtml + xml，application / xml; q = 0.9，* / *; q = 0.8 
 Accept-Language：es-ar，en-us; q = 0.8，es; q = 0.5，en ; q = 0.3 
 Accept-Encoding：gzip，deflate 
 Accept-Charset：UTF-8，* 
 Keep-Alive：115 
连接：keep-alive 
 Referer：http://example.com/index.php?function=search&query=Pata+de+cambio+ 
 Cookie：cookie 

 [blocked-uri] = > 
 string（4）self
 [违反指示] => 
 string（30）内嵌脚本库限制

} 
  

内容类型是application / json; charset = UTF-8

现在。我期望这是可以在$ _POST作为REQUEST_METHOD == POST，但后总是空的。
我可以从php：//输入访问它，但问题是：为什么请求在$ _POST中不可用？

我甚至不能使用filter_input，而$ _REQUEST是空的...

解决方案

$ p> POST / some_path HTTP / 1.1

myvar = something& secondvar = somethingelse


但是你得到的不是一个有效的查询字符串。它可能看起来像这样：

$ p $ POST / some_path HTTP / 1.1

{'this'： '是一个JSON对象'，'notice'：'它不是一个有效的查询字符串'}


php：// input 在原始格式中为您提供所有内容，所以在这种情况下，我认为这是获得您想要的唯一方法。 >

I'm experimenting with Firefox's Content Security Policy. Basically it's a special header for the webpage that tells the browser which resources are valid.

When some resource is invalid because it's breaks the policy, Firefox sends a report to a given URI in json format.

This is a typical report

array(1) {
  ["csp-report"]=>
  array(4) {
    ["request"]=>
    string(71) "GET http://example.com/?function=detail&id=565 HTTP/1.1"
    ["request-headers"]=>
    string(494) "Host: example.com
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0b10pre) Gecko/20110115 Firefox/4.0b10pre
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: es-ar,en-us;q=0.8,es;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Accept-Charset: UTF-8,*
Keep-Alive: 115
Connection: keep-alive
Referer: http://example.com/index.php?function=search&query=Pata+de+cambio+
Cookie: the cookie
"
    ["blocked-uri"]=>
    string(4) "self"
    ["violated-directive"]=>
    string(30) "inline script base restriction"
  }
}

The content type is application/json; charset=UTF-8

Now. I would expect this to be avaliable in $_POST as REQUEST_METHOD==POST but post is always empty. I can access it from php://input, but the question is: Why the request isn't avaliable in $_POST?

I can't even use filter_input and $_REQUEST is empty...

解决方案

$_POST gives you form variables, which show up in the page like this:

POST /some_path HTTP/1.1

myvar=something&secondvar=somethingelse

But what you're getting isn't a valid query string. It probably looks something like this:

POST /some_path HTTP/1.1

{'this':'is a JSON object','notice':'it\'s not a valid query string'}

php://input gives you everything after the headers in raw form, so in this case I think it's the only way to get what you want.

这篇关于php：//输入<> $ _ POST？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！