Is there a best practice to code JSON threat protection policy when request body is null or blank ?

Not applicable

As of now JSON threat protection policy is failing when the request body is blank or null. One solution which comes to my mind is to restrict policy execution when request.body is null. I am not sure it there is any other efficient solution to code this

2 7 417
7 REPLIES 7

regarding "JSON threat protection policy is failing". How does it fail? (I could test this myself but I'd like to know what you see)

It gives reason: Expecting { or [ at line 1

uhhuh, I see. Thank you. I think the policy ought to be robust enough to detect a completely empty body. We'll log a defect on that. Of course you have an easy workaround, right? (test request.content (not request.body)) .

Thanks @Dino : Yeah I am testing against request.content ! 🙂

hi Dino, I am dealing with the same issue. Here are my policy parameters. I'm trying to determine the fix that will not reject empty POSTS with no body.

    <Properties/>
    <ArrayElementCount>20</ArrayElementCount>
    <ContainerDepth>10</ContainerDepth>
    <ObjectEntryCount>15</ObjectEntryCount>
    <ObjectEntryNameLength>50</ObjectEntryNameLength>
    <Source>request</Source>
    <StringValueLength>800</StringValueLength>

Hi - rather than asking a question in a comment reply to a comment from 5 months ago that is buried 4 -levels deep.... I suggest you click the button ask a new question. And I will answer it there.