JSON threat protection policy request body blank

Not applicable
JSONThreatProtection[JSON-Threat-Protection]: Execution failed. reason: Expecting { or [ at line 1",

I think this is caused by a blank body in a POST request. How can I change the security policy to not fail?

    <Properties/>
    <ArrayElementCount>20</ArrayElementCount>
    <ContainerDepth>10</ContainerDepth>
    <ObjectEntryCount>15</ObjectEntryCount>
    <ObjectEntryNameLength>50</ObjectEntryNameLength>
    <Source>request</Source>
    <StringValueLength>800</StringValueLength>
</JSONThreatProtection>
Solved Solved
0 4 1,419
1 ACCEPTED SOLUTION

@jasonbrown ,

I believe it's as per design. You can add a condition to the policy step element. Execute the policy only if the body is present by leveraging the content-length header. See the condition below.

            <Step>
                <Name>JSON-Threat-Protection-1</Name>
                <Condition>(request.header.Content-Length != 0)</Condition>
            </Step>

Sample proxy attached below,

jsonthreatempty-rev1-2016-10-26.zip

Hope it helps. Keep us posted if any.

View solution in original post

4 REPLIES 4

aswinsegu
Participant IV

Looks like the request content is empty or invalid from the error

Check the below points

  • Request content is valid
  • Content-Type header should be set to application/json
  • In case request content could be empty, try adding a condition for this step

@Aswin Segu ,

  • Request content is valid - Doesn't matter - Policy will not force flow into error, It just ignores the payload.
  • Content-Type header should be set to application/json - Doesn't matter - Policy will not force flow into error, It just ignores the payload.

@jasonbrown ,

I believe it's as per design. You can add a condition to the policy step element. Execute the policy only if the body is present by leveraging the content-length header. See the condition below.

            <Step>
                <Name>JSON-Threat-Protection-1</Name>
                <Condition>(request.header.Content-Length != 0)</Condition>
            </Step>

Sample proxy attached below,

jsonthreatempty-rev1-2016-10-26.zip

Hope it helps. Keep us posted if any.

Please try 'null' instead of '0', it works.

<Condition>(request.header.Content-Length != null)</Condition>