File tree Expand file tree Collapse file tree 1 file changed +11
-0
lines changed Expand file tree Collapse file tree 1 file changed +11
-0
lines changed Original file line number Diff line number Diff line change @@ -925,6 +925,16 @@ The ``JsonResponse`` class sets the ``Content-Type`` header to
925925 Only methods that respond to GET requests are vulnerable to XSSI 'JSON Hijacking'.
926926 Methods responding to POST requests only remain unaffected.
927927
928+ .. warning ::
929+
930+ The ``JsonResponse `` constructor exhibits non-standard JSON encoding behavior
931+ and will treat ``null `` as an empty object if passed as a constructor argument,
932+ despite null being a `valid JSON top-level value `_.
933+
934+ This behavior cannot be changed without backwards-compatibility concerns, but
935+ it's possible to call ``setData `` and pass the value there to opt-out of the
936+ behavior.
937+
928938JSONP Callback
929939~~~~~~~~~~~~~~
930940
@@ -1017,6 +1027,7 @@ Learn More
10171027.. _nginx : https://www.nginx.com/resources/wiki/start/topics/examples/xsendfile/
10181028.. _Apache : https://tn123.org/mod_xsendfile/
10191029.. _`JSON Hijacking` : https://haacked.com/archive/2009/06/25/json-hijacking.aspx/
1030+ .. _`valid JSON top-level value` : https://www.json.org/json-en.html
10201031.. _OWASP guidelines : https://cheatsheetseries.owasp.org/cheatsheets/AJAX_Security_Cheat_Sheet.html#always-return-json-with-an-object-on-the-outside
10211032.. _RFC 8674 : https://tools.ietf.org/html/rfc8674
10221033.. _Doctrine Batch processing : https://www.doctrine-project.org/projects/doctrine-orm/en/2.14/reference/batch-processing.html#iterating-results
You can’t perform that action at this time.
0 commit comments