You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When the Content-Type is set to application/json, and when given an already stringified JSON data parameter, Axios trims the body.
This can be an issue e.g. when computing cryptographic signatures or hashes of the body: the signature of the data parameter we give Axios won't match the one for the payload received on the server side.
It seems this comes from this PR #4020 but I don't find any explanation why trim was added there. If anybody knows the reason, I'd be curious to know! Otherwise I can submit a patch to remove the trim but I'm worried that might break other code relying on the trim to happen...
Otherwise I'm wondering how I could send an application/json request without running in this special case of preprocessing the data parameter - in a way where I can give a raw data string that is guaranteed to be sent unaltered. Thanks for the help!
The text was updated successfully, but these errors were encountered:
Describe the issue
When the
Content-Type
is set toapplication/json
, and when given an already stringified JSONdata
parameter, Axios trims the body.This can be an issue e.g. when computing cryptographic signatures or hashes of the body: the signature of the
data
parameter we give Axios won't match the one for the payload received on the server side.Example Code
Expected behavior, if applicable
The server should log the unaltered body - with the before/after flags above:
Instead, Axios trims the body, resulting in the server logging:
Environment
Additional notes
This happens because the
stringifySafely
function (which is called onapplication/json
bodies) explicitly trims an already-stringified JSON body:axios/lib/defaults/index.js
Line 48 in bdf493c
It seems this comes from this PR #4020 but I don't find any explanation why
trim
was added there. If anybody knows the reason, I'd be curious to know! Otherwise I can submit a patch to remove thetrim
but I'm worried that might break other code relying on thetrim
to happen...Otherwise I'm wondering how I could send an
application/json
request without running in this special case of preprocessing thedata
parameter - in a way where I can give a rawdata
string that is guaranteed to be sent unaltered. Thanks for the help!The text was updated successfully, but these errors were encountered: