2

By default Django's JsonResponse class doesn't allow non-dict objects like arrays. I've looked at the documentation but it never explains why that'd be unsafe or otherwise undesired.

Are there any good reasons only to use dict objects? I found something about old security vulnerabilities but as far as I can tell that's all patched up now.

Pieter
  • 893
  • 1
  • 8
  • 20

1 Answers1

0

As far as I know, it's just non standard. JSON is JavaScript Object Notation, so it's expected of JSON responses to be well, JavaScript objects. Most HTTP libraries would expect an object out of a Content-Type: json response, and might fail to parse your array response depending on the implementation.

Lucas Lavandeira
  • 71
  • 5
  • I'm pretty sure the "object" in the name is meant more generically, rather than the referring specifically to the set of key/value pairs also called an object. – chepner Apr 17 '19 at 14:33
  • Is there an official spec for this? Because the [Wikipedia article](https://en.wikipedia.org/wiki/JSON#Data_types_and_syntax) does mention arrays as one of the JSON data types. – Pieter Apr 18 '19 at 06:40
  • I found [the relevant RFC](https://tools.ietf.org/html/rfc7159) and arrays are an officially supported type. – Pieter Apr 18 '19 at 06:45