xnbox / DeepfakeHTTP

DeepfakeHTTP is a web server that uses HTTP dumps as a source for responses.
MIT License

POST request with Content-Type: application/json #10

Closed mjablecnik closed 3 years ago

mjablecnik commented 3 years ago

Can you show me an example of how to fake a POST request with Content-Type: application/json? For this curl:

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{"username":"xyz","password":"xyz"}' \
  http://localhost:3000/api/login

The response can also be Content-Type: application/json, for example: { "name": "Martin", "surname": "Jablecnik", "logged_in": true }

In your examples I see only GET for Content-Type: application/json and POST for Content-Type: application/x-www-form-urlencoded.

Thank you very much.

xnbox commented 3 years ago

POST /aaa HTTP/1.1
Content-Type: application/json

HTTP/1.1 200 OK
Content-Type: application/json

{"username":"xyz","password":"xyz"}

xnbox commented 3 years ago

Works for me. If you have trouble with it, please send me your example as an attachment.

mjablecnik commented 3 years ago

Yes.


POST /aaa HTTP/1.1
Content-Type: application/json

{"username":"xyz","password":"xyz"}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "name":"Martin",
    "surname":"Jablecnik"
}

Works for me also right now.

My previous experiment was similar to:

POST /aaa HTTP/1.1
Content-Type: application/json

{
    "username":"xyz",
    "password":"xyz"
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "name":"Martin",
    "surname":"Jablecnik"
}

Here the request body has a slightly different format, so it didn't work because the JSON --data wasn't exactly the same. Isn't that true?

xnbox commented 3 years ago

You're absolutely right. If there is a difference in the first line of the query, headers, or body, the status will be given: 400 Bad Request. To get the query to pass, you need to remove from the dump what does not match the real query. Wildcards (*, ?) are allowed in query path and headers. This gives some flexibility.

xnbox commented 3 years ago

Sorry! Wildcards are allowed in query parameters values. In path you can use OpenAPI styled parameters: GET /customers/{country}/{id}/info HTTP/1.1

mjablecnik commented 3 years ago

Yes, OK. Now my question is: can the request body of Content-Type: application/json be parsed and compared by keys and values instead of the whole body? Because this JSON:

{
    "username":"xyz",
    "password":"xyz"
}

and this JSON:

{"username":"xyz", "password":"xyz"}

are the same. Only the format and indentation differ.

This should be useful because when I have:

{"username":"xyz", "password":"xyz"}

and

{"username":"xyz","password":"xyz"}

So finding the difference and why it doesn't work can be very hard, because the diff is only one small space.

xnbox commented 3 years ago

I understand where this concept comes from. In terms of JSON semantics, the samples given are identical. But the purposes of comparing dumps may be different. Perhaps someone just wants to know that the server response has not changed. Or someone can just snatch JSON data with substring(). I don't think this is good practice, but in the interest of increasing performance, why not?
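The two kinds of comparison discussed in this thread, as an added example that is not part of the issue and not DeepfakeHTTP's own code: a byte-exact check that reports where the bodies first diverge, next to a semantic check on canonicalized JSON. The function names and sample bodies are hypothetical, with the samples constructed from the bodies quoted above.

```python
import json

def first_difference(expected: bytes, actual: bytes):
    """Return (offset, expected_byte, actual_byte) of the first mismatch, or None."""
    for i, (e, a) in enumerate(zip(expected, actual)):
        if e != a:
            return i, expected[i:i + 1], actual[i:i + 1]
    if len(expected) != len(actual):
        i = min(len(expected), len(actual))
        return i, expected[i:i + 1], actual[i:i + 1]
    return None

def canonical_json(body: bytes) -> bytes:
    """Re-serialize JSON with sorted keys and no insignificant whitespace."""
    def no_dupes(pairs):
        # Duplicate keys are parsed differently by different parsers; reject them.
        keys = [k for k, _ in pairs]
        if len(keys) != len(set(keys)):
            raise ValueError("duplicate key in JSON object")
        return dict(pairs)
    obj = json.loads(body.decode("utf-8"), object_pairs_hook=no_dupes)
    return json.dumps(obj, sort_keys=True, separators=(",", ":"),
                      ensure_ascii=False).encode("utf-8")

def compare_bodies(expected: bytes, actual: bytes) -> dict:
    """Compare a dump body with a received body, byte-exact and as JSON."""
    result = {"exact": expected == actual,
              "semantic": None,  # stays None when either body is not valid JSON
              "first_diff": first_difference(expected, actual)}
    try:
        result["semantic"] = canonical_json(expected) == canonical_json(actual)
    except (ValueError, UnicodeDecodeError):
        pass
    return result

# Constructed sample bodies, taken from the variants quoted in the thread.
DUMP_BODY = b'{"username":"xyz","password":"xyz"}'
SPACED_BODY = b'{"username":"xyz", "password":"xyz"}'
PRETTY_BODY = b'{\n    "username":"xyz",\n    "password":"xyz"\n}'

if __name__ == "__main__":
    for name, body in (("spaced", SPACED_BODY), ("pretty", PRETTY_BODY)):
        print(name, compare_bodies(DUMP_BODY, body))
```
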