php://input <> $_POST?

Question

I\'m experimenting with Firefox\'s Content Security Policy. Basically it\'s a special header for the webpage that tells the browser which resources are valid.

When s

Answer 1

If a request is sent as POST it is not necessarily encoded as normal application/x-www-form-urlencoded or multipart/form-data. Should Firefox send a JSON body, then PHP doesn't know how to decode it.

You have to check $_SERVER["HTTP_CONTENT_TYPE"]. If it contains application/json then you must indeed read php://stdin:

if (stripos($_SERVER["HTTP_CONTENT_TYPE"], "application/json")===0) {
     $_POST = json_decode(file_get_contents("php://input"));
// or something like that