GET request with JSON body - is it possible to handle?

Hi! I want to receive GET request with JSON body.

#router
...
  pipeline :api do
    plug :accepts, ["json"]
  end

  scope "/", PsRbkWeb do
    pipe_through :api
    get "/order", PaymentController, :index
  end
...

# controller
...
  def index(conn, _some_params) do
    IO.inspect(conn) # empty body_params: %{} in conn
  end
...

After I made GET request to “/order” with some json in body (with header Content-Type=application/json). - have empty body_params: %{} in conn in my controller.

Here is resulting conn, sorry for length:

%Plug.Conn{
  adapter: {Plug.Cowboy.Conn, :...},
  assigns: %{},
  before_send: [#Function<1.112466771/1 in Plug.Logger.call/2>,
   #Function<0.66982185/1 in Phoenix.LiveReloader.before_send_inject_reloader/2>],
  body_params: %{},
  cookies: %Plug.Conn.Unfetched{aspect: :cookies},
  halted: false,
  host: "localhost",
  method: "GET",
  owner: #PID<0.596.0>,
  params: %{},
  path_info: ["order"],
  path_params: %{},
  port: 4000,
  private: %{
    PsRbkWeb.Router => {[], %{}},
    :phoenix_action => :index,
    :phoenix_controller => PsRbkWeb.PaymentController,
    :phoenix_endpoint => PsRbkWeb.Endpoint,
    :phoenix_format => "json",
    :phoenix_layout => {PsRbkWeb.LayoutView, :app},
    :phoenix_pipelines => [:api],
    :phoenix_router => PsRbkWeb.Router,
    :phoenix_view => PsRbkWeb.PaymentView,
    :plug_session_fetch => #Function<1.58261320/1 in Plug.Session.fetch_session/1>
  },
  query_params: %{},
  query_string: "",
  remote_ip: {127, 0, 0, 1},
  req_cookies: %Plug.Conn.Unfetched{aspect: :cookies},
  req_headers: [
    {"accept", "*/*"},
    {"accept-charset", "UTF-8"},
    {"accept-encoding", "gzip, deflate"},
    {"cache-control", "no-cache"},
    {"connection", "keep-alive"},
    {"content-length", "353"},
    {"content-type", "application/json"},
    {"host", "localhost:4000"},
    {"postman-token", "70bc9e11-1ef4-493d-a556-cf4876d28bc2"},
    {"user-agent", "PostmanRuntime/7.4.0"}
  ],
  request_path: "/order",
  resp_body: nil,
  resp_cookies: %{},
  resp_headers: [
    {"cache-control", "max-age=0, private, must-revalidate"},
    {"x-request-id", "2lonnum7h1c48rmudk000gu1"}
  ],
  scheme: :http,
  script_name: [],
  secret_key_base: :...,
  state: :unset,
  status: nil
}

So, the question is: Is it possible to receive any json data in GET request body and access it form controller? (Or I have to give up and use POST with JSON body). Please, guide me to the right direction.

HTTP GET does not have a body as far as I remember…

1 Like

It’s not mandatory, and it’s possible to send and process GET with body. link

Ohyeah, you are right, according to RFC 7231:

A payload within a GET request message has no defined semantics;
sending a payload body on a GET request might cause some existing
implementations to reject the request.

So, according to the RFC, you either should be able to access the body or never see the request.

Perhaps the pipeline doesn’t parse the body as it does not expect it? How is your plug parser configured?

1 Like

Plugs are default ones in my case, including parser.

defmodule PsRbkWeb.Endpoint do
  require CacheBodyReader
  use Phoenix.Endpoint, otp_app: :ps_rbk

  socket "/socket", PsRbkWeb.UserSocket,
    websocket: true,
    longpoll: false

  # Serve at "/" the static files from "priv/static" directory.
  #
  # You should set gzip to true if you are running phx.digest
  # when deploying your static files in production.
  plug Plug.Static,
    at: "/",
    from: :ps_rbk,
    gzip: false,
    only: ~w(css fonts images js favicon.ico robots.txt)

  # Code reloading can be explicitly enabled under the
  # :code_reloader configuration of your endpoint.
  if code_reloading? do
    socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
    plug Phoenix.LiveReloader
    plug Phoenix.CodeReloader
  end

  plug Plug.RequestId
  plug Plug.Logger

  plug Plug.Parsers,
    parsers: [:urlencoded, :multipart, :json],
    pass: ["*/*"],
    json_decoder: Phoenix.json_library()

  plug Plug.MethodOverride
  plug Plug.Head

  # The session will be stored in the cookie and signed,
  # this means its contents can be read but not tampered with.
  # Set :encryption_salt if you would also like to encrypt it.
  plug Plug.Session,
    store: :cookie,
    key: "**********",
    signing_salt: "********"

  plug PsRbkWeb.Router
end

Per your link:

Server semantics for GET, however, are restricted such that a body, if any, has no semantic meaning to the request. The requirements on parsing are separate from the requirements on method semantics.

IE it’s allowed BUT the server isn’t supposed to do anything with it.

Not supposed to, but I like to have such option. :grinning:

I found quite hacky solution:

# controller
...
  def index(conn, _some_params) do
    {:ok, body, _conn} = Plug.Conn.read_body(conn)
    IO.inspect(body)           # got string with escape characters, but better than nothing 
  end

I think to write custom plug and put this body to some custom field in conn. By the way, Plug.Parsers don’t parse GET requests, so no point to add custom handler for GET requests into parsers. I hope, this will help somebody.

2 Likes

Could be useful to PR in a configureable option for it to parse all bodies regardless of method or via a configureable set of methods? :slight_smile: