Post request to include 'Content-Type' and JSON












12














I'm to work with goo.gl for URL shortening. I need to make the following request:



POST https://www.googleapis.com/urlshortener/v1/url
Content-Type: application/json
{"longUrl": "http://www.google.com/"}


my html:-



<form method="post" action="https://www.googleapis.com/urlshortener/v1/">
<button type="submit"> submit </button>
</form>


how do i add the 'content-type' and json here?










share|improve this question






















  • You can submit the form via ajax and add content-type there .
    – Ghost
    Oct 18 '13 at 9:53










  • @Ghost Why you need to go for ajax ?
    – Prateek
    Oct 18 '13 at 9:55












  • @Prateek The default content type is "application/x-www-form-urlencoded", now to change that, the 'enctype' attribute of the form should be changed. Since the question required to send the JSON data as well i suggested to use an ajax request which is also appropriate here. I do not know how to send a JSON data without ajax.
    – Ghost
    Oct 19 '13 at 13:51
















12














I'm to work with goo.gl for URL shortening. I need to make the following request:



POST https://www.googleapis.com/urlshortener/v1/url
Content-Type: application/json
{"longUrl": "http://www.google.com/"}


my html:-



<form method="post" action="https://www.googleapis.com/urlshortener/v1/">
<button type="submit"> submit </button>
</form>


how do i add the 'content-type' and json here?










share|improve this question






















  • You can submit the form via ajax and add content-type there .
    – Ghost
    Oct 18 '13 at 9:53










  • @Ghost Why you need to go for ajax ?
    – Prateek
    Oct 18 '13 at 9:55












  • @Prateek The default content type is "application/x-www-form-urlencoded", now to change that, the 'enctype' attribute of the form should be changed. Since the question required to send the JSON data as well i suggested to use an ajax request which is also appropriate here. I do not know how to send a JSON data without ajax.
    – Ghost
    Oct 19 '13 at 13:51














12












12








12


3





I'm to work with goo.gl for URL shortening. I need to make the following request:



POST https://www.googleapis.com/urlshortener/v1/url
Content-Type: application/json
{"longUrl": "http://www.google.com/"}


my html:-



<form method="post" action="https://www.googleapis.com/urlshortener/v1/">
<button type="submit"> submit </button>
</form>


how do i add the 'content-type' and json here?










share|improve this question













I'm to work with goo.gl for URL shortening. I need to make the following request:



POST https://www.googleapis.com/urlshortener/v1/url
Content-Type: application/json
{"longUrl": "http://www.google.com/"}


my html:-



<form method="post" action="https://www.googleapis.com/urlshortener/v1/">
<button type="submit"> submit </button>
</form>


how do i add the 'content-type' and json here?







html http post






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Oct 18 '13 at 9:46









Sangram Singh

5,128123871




5,128123871












  • You can submit the form via ajax and add content-type there .
    – Ghost
    Oct 18 '13 at 9:53










  • @Ghost Why you need to go for ajax ?
    – Prateek
    Oct 18 '13 at 9:55












  • @Prateek The default content type is "application/x-www-form-urlencoded", now to change that, the 'enctype' attribute of the form should be changed. Since the question required to send the JSON data as well i suggested to use an ajax request which is also appropriate here. I do not know how to send a JSON data without ajax.
    – Ghost
    Oct 19 '13 at 13:51


















  • You can submit the form via ajax and add content-type there .
    – Ghost
    Oct 18 '13 at 9:53










  • @Ghost Why you need to go for ajax ?
    – Prateek
    Oct 18 '13 at 9:55












  • @Prateek The default content type is "application/x-www-form-urlencoded", now to change that, the 'enctype' attribute of the form should be changed. Since the question required to send the JSON data as well i suggested to use an ajax request which is also appropriate here. I do not know how to send a JSON data without ajax.
    – Ghost
    Oct 19 '13 at 13:51
















You can submit the form via ajax and add content-type there .
– Ghost
Oct 18 '13 at 9:53




You can submit the form via ajax and add content-type there .
– Ghost
Oct 18 '13 at 9:53












@Ghost Why you need to go for ajax ?
– Prateek
Oct 18 '13 at 9:55






@Ghost Why you need to go for ajax ?
– Prateek
Oct 18 '13 at 9:55














@Prateek The default content type is "application/x-www-form-urlencoded", now to change that, the 'enctype' attribute of the form should be changed. Since the question required to send the JSON data as well i suggested to use an ajax request which is also appropriate here. I do not know how to send a JSON data without ajax.
– Ghost
Oct 19 '13 at 13:51




@Prateek The default content type is "application/x-www-form-urlencoded", now to change that, the 'enctype' attribute of the form should be changed. Since the question required to send the JSON data as well i suggested to use an ajax request which is also appropriate here. I do not know how to send a JSON data without ajax.
– Ghost
Oct 19 '13 at 13:51












3 Answers
3






active

oldest

votes


















19














Browsers do not support JSON as a media type for form submissions (the supported types are listed in the spec).



The only way to make such a request from a web page is to use the XMLHttpRequest object.



Google provide a JavaScript library (which wraps XMLHttpRequest) that can interact with their URL Shortener API.






share|improve this answer































    5














    HTML forms don't support JSON, you have to use AJAX to send JSON.



    But if you just want to test the security of an application, to see if it is vulnerable to a CSRF attack, there is a hack to send JSON data as plain text, like described in this article: https://systemoverlord.com/2016/08/24/posting-json-with-an-html-form.html



    An HTML form has the advantage to not require JavaScript enabled and does not have a same-origin policy protection unlike AJAX XMLHttpRequest, so an HTML form can send data to any third-party domain.
    In fact it looks like it is also possible to send GET and POST request to third-party domains with XMLHttpRequest (you will just get a warning saying that you can't read the response), even if not allowed by CORS as long as you don't change the Content-Type header to "application/json": https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Examples_of_access_control_scenarios



    Here is an example from the article:



    <body onload='document.forms[0].submit()'>
    <form method='POST' enctype='text/plain'>
    <input name='{"secret": 1337, "trash": "' value='"}'>
    </form>
    </body>


    However if you try to set the enctype form parameter to "application/json" instead of "text/plain", it will not be recognized and it will result in the default "application/x-www-form-urlencoded" Content-Type HTTP header.



    Some applications will check that the Content-Type HTTP header is "application/json", so it will prevent a CSRF attack (unless you have Flash Player installed: https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/). A better security would be to use an authenticity token, this will protect HTTP requests even if the data type is not JSON. Otherwise, it is also possible to use the sameSite attribute on the session ID cookie to prevent CSRF (https://www.owasp.org/index.php/SameSite).






    share|improve this answer























    • This answer helped me out a lot. Ended up creating a javascript library to enable this: github.com/keithhackbarth/submitAsJSON
      – keithhackbarth
      Apr 18 at 4:57












    • @keithhackbarth I updated my answer, I think the HTML form hack to send JSON is only useful if you want to send data without having JavaScript enabled (so a library would not work without JavaScript). You can directly use XMLHttpRequest otherwise.
      – baptx
      Nov 22 at 18:12



















    0














    Using Ajax request makes life much easier.



        $.ajax({
    url: 'https://www.googleapis.com/urlshortener/v1/url',
    type: 'POST',
    data: JSON.stringify({
    longUrl: $scope.url
    }),
    contentType: 'application/json',
    success: function(got) {
    return alert("shortened url: " + got.id);
    }
    });


    The above works perfectly.






    share|improve this answer





















      Your Answer






      StackExchange.ifUsing("editor", function () {
      StackExchange.using("externalEditor", function () {
      StackExchange.using("snippets", function () {
      StackExchange.snippets.init();
      });
      });
      }, "code-snippets");

      StackExchange.ready(function() {
      var channelOptions = {
      tags: "".split(" "),
      id: "1"
      };
      initTagRenderer("".split(" "), "".split(" "), channelOptions);

      StackExchange.using("externalEditor", function() {
      // Have to fire editor after snippets, if snippets enabled
      if (StackExchange.settings.snippets.snippetsEnabled) {
      StackExchange.using("snippets", function() {
      createEditor();
      });
      }
      else {
      createEditor();
      }
      });

      function createEditor() {
      StackExchange.prepareEditor({
      heartbeatType: 'answer',
      autoActivateHeartbeat: false,
      convertImagesToLinks: true,
      noModals: true,
      showLowRepImageUploadWarning: true,
      reputationToPostImages: 10,
      bindNavPrevention: true,
      postfix: "",
      imageUploader: {
      brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
      contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
      allowUrls: true
      },
      onDemand: true,
      discardSelector: ".discard-answer"
      ,immediatelyShowMarkdownHelp:true
      });


      }
      });














      draft saved

      draft discarded


















      StackExchange.ready(
      function () {
      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f19446544%2fpost-request-to-include-content-type-and-json%23new-answer', 'question_page');
      }
      );

      Post as a guest















      Required, but never shown

























      3 Answers
      3






      active

      oldest

      votes








      3 Answers
      3






      active

      oldest

      votes









      active

      oldest

      votes






      active

      oldest

      votes









      19














      Browsers do not support JSON as a media type for form submissions (the supported types are listed in the spec).



      The only way to make such a request from a web page is to use the XMLHttpRequest object.



      Google provide a JavaScript library (which wraps XMLHttpRequest) that can interact with their URL Shortener API.






      share|improve this answer




























        19














        Browsers do not support JSON as a media type for form submissions (the supported types are listed in the spec).



        The only way to make such a request from a web page is to use the XMLHttpRequest object.



        Google provide a JavaScript library (which wraps XMLHttpRequest) that can interact with their URL Shortener API.






        share|improve this answer


























          19












          19








          19






          Browsers do not support JSON as a media type for form submissions (the supported types are listed in the spec).



          The only way to make such a request from a web page is to use the XMLHttpRequest object.



          Google provide a JavaScript library (which wraps XMLHttpRequest) that can interact with their URL Shortener API.






          share|improve this answer














          Browsers do not support JSON as a media type for form submissions (the supported types are listed in the spec).



          The only way to make such a request from a web page is to use the XMLHttpRequest object.



          Google provide a JavaScript library (which wraps XMLHttpRequest) that can interact with their URL Shortener API.







          share|improve this answer














          share|improve this answer



          share|improve this answer








          edited Jun 8 at 4:26









          Maxim

          6,12851938




          6,12851938










          answered Oct 18 '13 at 10:07









          Quentin

          638k718611031




          638k718611031

























              5














              HTML forms don't support JSON, you have to use AJAX to send JSON.



              But if you just want to test the security of an application, to see if it is vulnerable to a CSRF attack, there is a hack to send JSON data as plain text, like described in this article: https://systemoverlord.com/2016/08/24/posting-json-with-an-html-form.html



              An HTML form has the advantage to not require JavaScript enabled and does not have a same-origin policy protection unlike AJAX XMLHttpRequest, so an HTML form can send data to any third-party domain.
              In fact it looks like it is also possible to send GET and POST request to third-party domains with XMLHttpRequest (you will just get a warning saying that you can't read the response), even if not allowed by CORS as long as you don't change the Content-Type header to "application/json": https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Examples_of_access_control_scenarios



              Here is an example from the article:



              <body onload='document.forms[0].submit()'>
              <form method='POST' enctype='text/plain'>
              <input name='{"secret": 1337, "trash": "' value='"}'>
              </form>
              </body>


              However if you try to set the enctype form parameter to "application/json" instead of "text/plain", it will not be recognized and it will result in the default "application/x-www-form-urlencoded" Content-Type HTTP header.



              Some applications will check that the Content-Type HTTP header is "application/json", so it will prevent a CSRF attack (unless you have Flash Player installed: https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/). A better security would be to use an authenticity token, this will protect HTTP requests even if the data type is not JSON. Otherwise, it is also possible to use the sameSite attribute on the session ID cookie to prevent CSRF (https://www.owasp.org/index.php/SameSite).






              share|improve this answer























              • This answer helped me out a lot. Ended up creating a javascript library to enable this: github.com/keithhackbarth/submitAsJSON
                – keithhackbarth
                Apr 18 at 4:57












              • @keithhackbarth I updated my answer, I think the HTML form hack to send JSON is only useful if you want to send data without having JavaScript enabled (so a library would not work without JavaScript). You can directly use XMLHttpRequest otherwise.
                – baptx
                Nov 22 at 18:12
















              5














              HTML forms don't support JSON, you have to use AJAX to send JSON.



              But if you just want to test the security of an application, to see if it is vulnerable to a CSRF attack, there is a hack to send JSON data as plain text, like described in this article: https://systemoverlord.com/2016/08/24/posting-json-with-an-html-form.html



              An HTML form has the advantage to not require JavaScript enabled and does not have a same-origin policy protection unlike AJAX XMLHttpRequest, so an HTML form can send data to any third-party domain.
              In fact it looks like it is also possible to send GET and POST request to third-party domains with XMLHttpRequest (you will just get a warning saying that you can't read the response), even if not allowed by CORS as long as you don't change the Content-Type header to "application/json": https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Examples_of_access_control_scenarios



              Here is an example from the article:



              <body onload='document.forms[0].submit()'>
              <form method='POST' enctype='text/plain'>
              <input name='{"secret": 1337, "trash": "' value='"}'>
              </form>
              </body>


              However if you try to set the enctype form parameter to "application/json" instead of "text/plain", it will not be recognized and it will result in the default "application/x-www-form-urlencoded" Content-Type HTTP header.



              Some applications will check that the Content-Type HTTP header is "application/json", so it will prevent a CSRF attack (unless you have Flash Player installed: https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/). A better security would be to use an authenticity token, this will protect HTTP requests even if the data type is not JSON. Otherwise, it is also possible to use the sameSite attribute on the session ID cookie to prevent CSRF (https://www.owasp.org/index.php/SameSite).






              share|improve this answer























              • This answer helped me out a lot. Ended up creating a javascript library to enable this: github.com/keithhackbarth/submitAsJSON
                – keithhackbarth
                Apr 18 at 4:57












              • @keithhackbarth I updated my answer, I think the HTML form hack to send JSON is only useful if you want to send data without having JavaScript enabled (so a library would not work without JavaScript). You can directly use XMLHttpRequest otherwise.
                – baptx
                Nov 22 at 18:12














              5












              5








              5






              HTML forms don't support JSON, you have to use AJAX to send JSON.



              But if you just want to test the security of an application, to see if it is vulnerable to a CSRF attack, there is a hack to send JSON data as plain text, like described in this article: https://systemoverlord.com/2016/08/24/posting-json-with-an-html-form.html



              An HTML form has the advantage to not require JavaScript enabled and does not have a same-origin policy protection unlike AJAX XMLHttpRequest, so an HTML form can send data to any third-party domain.
              In fact it looks like it is also possible to send GET and POST request to third-party domains with XMLHttpRequest (you will just get a warning saying that you can't read the response), even if not allowed by CORS as long as you don't change the Content-Type header to "application/json": https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Examples_of_access_control_scenarios



              Here is an example from the article:



              <body onload='document.forms[0].submit()'>
              <form method='POST' enctype='text/plain'>
              <input name='{"secret": 1337, "trash": "' value='"}'>
              </form>
              </body>


              However if you try to set the enctype form parameter to "application/json" instead of "text/plain", it will not be recognized and it will result in the default "application/x-www-form-urlencoded" Content-Type HTTP header.



              Some applications will check that the Content-Type HTTP header is "application/json", so it will prevent a CSRF attack (unless you have Flash Player installed: https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/). A better security would be to use an authenticity token, this will protect HTTP requests even if the data type is not JSON. Otherwise, it is also possible to use the sameSite attribute on the session ID cookie to prevent CSRF (https://www.owasp.org/index.php/SameSite).






              share|improve this answer














              HTML forms don't support JSON, you have to use AJAX to send JSON.



              But if you just want to test the security of an application, to see if it is vulnerable to a CSRF attack, there is a hack to send JSON data as plain text, like described in this article: https://systemoverlord.com/2016/08/24/posting-json-with-an-html-form.html



              An HTML form has the advantage to not require JavaScript enabled and does not have a same-origin policy protection unlike AJAX XMLHttpRequest, so an HTML form can send data to any third-party domain.
              In fact it looks like it is also possible to send GET and POST request to third-party domains with XMLHttpRequest (you will just get a warning saying that you can't read the response), even if not allowed by CORS as long as you don't change the Content-Type header to "application/json": https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS?redirectlocale=en-US&redirectslug=HTTP_access_control#Examples_of_access_control_scenarios



              Here is an example from the article:



              <body onload='document.forms[0].submit()'>
              <form method='POST' enctype='text/plain'>
              <input name='{"secret": 1337, "trash": "' value='"}'>
              </form>
              </body>


              However if you try to set the enctype form parameter to "application/json" instead of "text/plain", it will not be recognized and it will result in the default "application/x-www-form-urlencoded" Content-Type HTTP header.



              Some applications will check that the Content-Type HTTP header is "application/json", so it will prevent a CSRF attack (unless you have Flash Player installed: https://www.geekboy.ninja/blog/exploiting-json-cross-site-request-forgery-csrf-using-flash/). A better security would be to use an authenticity token, this will protect HTTP requests even if the data type is not JSON. Otherwise, it is also possible to use the sameSite attribute on the session ID cookie to prevent CSRF (https://www.owasp.org/index.php/SameSite).







              share|improve this answer














              share|improve this answer



              share|improve this answer








              edited Nov 22 at 18:05

























              answered Apr 7 at 10:44









              baptx

              1,22811733




              1,22811733












              • This answer helped me out a lot. Ended up creating a javascript library to enable this: github.com/keithhackbarth/submitAsJSON
                – keithhackbarth
                Apr 18 at 4:57












              • @keithhackbarth I updated my answer, I think the HTML form hack to send JSON is only useful if you want to send data without having JavaScript enabled (so a library would not work without JavaScript). You can directly use XMLHttpRequest otherwise.
                – baptx
                Nov 22 at 18:12


















              • This answer helped me out a lot. Ended up creating a javascript library to enable this: github.com/keithhackbarth/submitAsJSON
                – keithhackbarth
                Apr 18 at 4:57












              • @keithhackbarth I updated my answer, I think the HTML form hack to send JSON is only useful if you want to send data without having JavaScript enabled (so a library would not work without JavaScript). You can directly use XMLHttpRequest otherwise.
                – baptx
                Nov 22 at 18:12
















              This answer helped me out a lot. Ended up creating a javascript library to enable this: github.com/keithhackbarth/submitAsJSON
              – keithhackbarth
              Apr 18 at 4:57






              This answer helped me out a lot. Ended up creating a javascript library to enable this: github.com/keithhackbarth/submitAsJSON
              – keithhackbarth
              Apr 18 at 4:57














              @keithhackbarth I updated my answer, I think the HTML form hack to send JSON is only useful if you want to send data without having JavaScript enabled (so a library would not work without JavaScript). You can directly use XMLHttpRequest otherwise.
              – baptx
              Nov 22 at 18:12




              @keithhackbarth I updated my answer, I think the HTML form hack to send JSON is only useful if you want to send data without having JavaScript enabled (so a library would not work without JavaScript). You can directly use XMLHttpRequest otherwise.
              – baptx
              Nov 22 at 18:12











              0














              Using Ajax request makes life much easier.



                  $.ajax({
              url: 'https://www.googleapis.com/urlshortener/v1/url',
              type: 'POST',
              data: JSON.stringify({
              longUrl: $scope.url
              }),
              contentType: 'application/json',
              success: function(got) {
              return alert("shortened url: " + got.id);
              }
              });


              The above works perfectly.






              share|improve this answer


























                0














                Using Ajax request makes life much easier.



                    $.ajax({
                url: 'https://www.googleapis.com/urlshortener/v1/url',
                type: 'POST',
                data: JSON.stringify({
                longUrl: $scope.url
                }),
                contentType: 'application/json',
                success: function(got) {
                return alert("shortened url: " + got.id);
                }
                });


                The above works perfectly.






                share|improve this answer
























                  0












                  0








                  0






                  Using Ajax request makes life much easier.



                      $.ajax({
                  url: 'https://www.googleapis.com/urlshortener/v1/url',
                  type: 'POST',
                  data: JSON.stringify({
                  longUrl: $scope.url
                  }),
                  contentType: 'application/json',
                  success: function(got) {
                  return alert("shortened url: " + got.id);
                  }
                  });


                  The above works perfectly.






                  share|improve this answer












                  Using Ajax request makes life much easier.



                      $.ajax({
                  url: 'https://www.googleapis.com/urlshortener/v1/url',
                  type: 'POST',
                  data: JSON.stringify({
                  longUrl: $scope.url
                  }),
                  contentType: 'application/json',
                  success: function(got) {
                  return alert("shortened url: " + got.id);
                  }
                  });


                  The above works perfectly.







                  share|improve this answer












                  share|improve this answer



                  share|improve this answer










                  answered Oct 18 '13 at 18:18









                  Sangram Singh

                  5,128123871




                  5,128123871






























                      draft saved

                      draft discarded




















































                      Thanks for contributing an answer to Stack Overflow!


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.





                      Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                      Please pay close attention to the following guidance:


                      • Please be sure to answer the question. Provide details and share your research!

                      But avoid



                      • Asking for help, clarification, or responding to other answers.

                      • Making statements based on opinion; back them up with references or personal experience.


                      To learn more, see our tips on writing great answers.




                      draft saved


                      draft discarded














                      StackExchange.ready(
                      function () {
                      StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f19446544%2fpost-request-to-include-content-type-and-json%23new-answer', 'question_page');
                      }
                      );

                      Post as a guest















                      Required, but never shown





















































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown

































                      Required, but never shown














                      Required, but never shown












                      Required, but never shown







                      Required, but never shown







                      Popular posts from this blog

                      What visual should I use to simply compare current year value vs last year in Power BI desktop

                      How to ignore python UserWarning in pytest?

                      Alexandru Averescu