Solved: JSON threat protection fails for GraphQl input

Report Inappropriate Content · 03-14-2017 05:15 PM

curl -X POST -H "Authorization: Bearer BLAH_BLAH" -H "Content-Type: application/json" -d '"{user {id} }"' "https://<Our_server_Name>/graphql/v1/graphql"

Request body has following valid JSON.

"{user {id} }"

JSON threat protection policy is giving following error.

{
  "fault": {
    "faultstring": "JSONThreatProtection[JSON-Threat-Protection]: Execution failed. reason: Expecting { or [ at line 1",
    "detail": {
      "errorcode": "steps.jsonthreatprotection.ExecutionFailed"
    }
  }
}

DChiesa

Hi,

I think that

"{user {id} }"

is not valid JSON! A single string is not valid JSON. JSON should start with { or [ . this is what the error message is telling you.

Valid JSON might be like this:

{ "user" : "id" }

So I think the policy is correctly throwing an error there!

View solution in original post

DChiesa

Hi,

I think that

"{user {id} }"

is not valid JSON! A single string is not valid JSON. JSON should start with { or [ . this is what the error message is telling you.

Valid JSON might be like this:

{ "user" : "id" }

So I think the policy is correctly throwing an error there!

Report Inappropriate Content

GraphQL queries are strings. They are not valid JSON objects so you shouldn't be passing the query as the Request body. They should be embedded in the JSON object as a string in a key/value pair.

,

GraphQL queries are not JSON. They are strings. You should be treating them as such by embedding them as a value in a JSON object and not passing the GraphQL query as the JSON object itself.

DChiesa

Good point! I forgot to mention that.