http headers - Read Request Payload in ColdFusion -
trying out content security policy , using report method , data sending post (see edits, supposed post, request headers get) page use email myself. in browser developer tools can see data in request payload, don't know how access scope. form scope empty , gethttprequestdata() doesn't show payload key.
how access data in request payload in coldfusion?
edit: in dev tools can see in network tab post page 4 sections: general, response headers, request headers , request payload. need access request payload data.
request headers:
get /campuses/content-report/ http/1.1 host: domain.com connection: keep-alive user-agent: mozilla/5.0 (windows nt 6.1; wow64) applewebkit/537.36 (khtml, gecko) chrome/43.0.2357.130 safari/537.36 accept: */* referer: http://domain.com/page/ accept-encoding: gzip, deflate, sdch accept-language: en-us,en;q=0.8 cookie: **[removed]** request payload:
{ "csp-report":{ "document-uri":"http://domain.com/page/", "referrer":"http://domain.com/", "violated-directive":"default-src 'self' 'sha256-l2tc50iuabz2udc-dnkwo-fkzrsl5clnzkfu5lgx5ao=' https://stats.g.doubleclick.net http://netdna.bootstrapcdn.com http://www.google-analytics.com https://www.google.com https://fonts.gstatic.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com http://www.etutoring.org", "effective-directive":"img-src", "original-policy":"default-src 'self' 'sha256-l2tc50iuabz2udc-dnkwo-fkzrsl5clnzkfu5lgx5ao=' https://stats.g.doubleclick.net http://netdna.bootstrapcdn.com http://www.google-analytics.com https://www.google.com https://fonts.gstatic.com https://ajax.googleapis.com https://cdn.jsdelivr.net https://maxcdn.bootstrapcdn.com;style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com;script-src 'self' https://www.google-analytics.com https://ajax.googleapis.com https://cdn.jsdelivr.net 'nonce-3e89ebdb49f712c7d90d1b39e348bbbf';report-uri /campuses/content-report;", "blocked-uri":"https://www.google-analytics.com", "status-code":200 } } gethttprequestdata contains request headers not request payload. did notice website read said security policy send data via post headers get. cause issue? should in url scope? not @ machine @ moment.
so looking in right spot, gethttprequestdata didn't realize setup url not have trailing slash , iis rewrite rules redirecting / version of page , header data being lost in process.
Comments
Post a Comment