https://stackabuse.com/get-http-post-body-in-express-js/
https://stackoverflow.com/questions/5710358/how-to-access-post-form-fields
Last active
April 6, 2021 08:50
-
-
Save xgqfrms/28436acbbc0b200b986ba263fa1176c1 to your computer and use it in GitHub Desktop.
Express.js Get HTTP POST json params
express.js & Content-Security-Policy: connect-src
res.set("Content-Security-Policy", "default-src 'self'");
https://content-security-policy.com/examples/express-js/
app.use(function(req, res, next) {
res.setHeader("Content-Security-Policy", "script-src 'self' https://apis.google.com");
return next();
});demo
app.use(function (req, res, next) {
// JSON parse
// console.log('req.body', req.body);
// CORS bug
res.header("Access-Control-Allow-Origin", "*");
res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");
// res.header("Content-Security-Policy", "connect-src *");
res.header("Content-Security-Policy", "connect-src '*'");
// res.header("Content-Security-Policy", "connect-src localhost");
// Content-Security-Policy: connect-src <source>;
// Content-Security-Policy: connect-src <source> <source>;
// res.header('Content-Type', 'application/json');
// res.setHeader('Content-Type', 'application/json');
next();
});
http://localhost:3000/api/get?q={%22username%22:%22xgqfrms%22}
fetch(`http://localhost:3000/api/post`, {
body: JSON.stringify({key: "value"}),
cache: "no-cache",
headers: {
"Content-Type": "application/json",
},
method: "POST",
mode: "cors",
})
.then(res => {
console.log(`res =`, res)
return res.json()
})
// .then(res => res.json())
.then(json => console.log(`json =`, json))
.catch(err => console.error(`error =`, err));
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CSP
connect-src
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/connect-src