1

I'm using Safe browsing API to check some URLs from my database, but the request gives me this result:

data {
  "error": {
    "code": 400,
    "message": "Invalid JSON payload received. Unknown name \"threatInfo[threatTypes][0]\": Cannot bind query parameter. Field 'threatInfo[threatTypes][0]' could not be found in request message.\nInvalid JSON payload received. Unknown name \"threatInfo[threatTypes][1]\": Cannot bind query parameter. Field 'threatInfo[threatTypes][1]' could not be found in request message.\nInvalid JSON payload received. Unknown name \"threatInfo[platformTypes][0]\": Cannot bind query parameter. Field 'threatInfo[platformTypes][0]' could not be found in request message.\nInvalid JSON payload received. Unknown name \"threatInfo[threatEntryTypes][0]\": Cannot bind query parameter. Field 'threatInfo[threatEntryTypes][0]' could not be found in request message.\nInvalid JSON payload received. Unknown name \"threatInfo[threatEntries][0][url]\": Cannot bind query parameter. Field 'threatInfo[threatEntries][0][url]' could not be found in request message."
  }
}

I'm trying the following code:

const request = require('request');
    const body = {
      threatInfo: {
        threatTypes: ["SOCIAL_ENGINEERING", "MALWARE"],
        platformTypes: ["ANY_PLATFORM"],
        threatEntryTypes: ["URL"],
        threatEntries: [{url: "http://www.urltocheck2.org/"}]
      }
    }

    const options = {
      headers: {
        "Content-Type": "application/json"
      },
      method: "POST",
      url: "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${API_KEY}",
      form: body
    }

    console.log(options);
    request(options,
        function(err, res, data) {
            console.log('data', data)
            if (!err && res.statusCode == 200) {
              console.log(data);
            }
        }
    )

I expected the output of the request be {} with a 200 status code on this sample.

J. Gandra
  • 553
  • 6
  • 12
  • 1
    setting `form` sets the content-type to `application/x-www-form-urlencoded` - which may be the issue - try using `json:` instead of `form:` – Jaromanda X Aug 06 '19 at 02:44
  • 1
    Content-type is application/json, but in the options you set 'form'. Here's an example of creating a request with json https://stackoverflow.com/a/27190736/426840 – Robin van der Knaap Aug 06 '19 at 02:44

1 Answers1

1

If you look in the request() doc for the form property, you will see this:

form - when passed an object or a querystring, this sets body to a querystring representation of value, and adds Content-type: application/x-www-form-urlencoded header. When passed no options, a FormData instance is returned (and is piped to request). See "Forms" section above.

When you look at the Google safe browsing API, you will see this:

POST https://safebrowsing.googleapis.com/v4/threatMatches:find?key=API_KEY HTTP/1.1 Content-Type: application/json

You are sending Content-type: application/x-www-form-urlencoded, but the API wants Content-Type: application/json. You need to send JSON, not form encoded data.

You can probably just change the form property to the json property by changing from this:

const options = {
  headers: {
    "Content-Type": "application/json"
  },
  method: "POST",
  url: "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${API_KEY}",
  form: body
}

to this:

const options = {
  method: "POST",
  url: "https://safebrowsing.googleapis.com/v4/threatMatches:find?key=${API_KEY}",
  json: body     // <=== change here
}

The content-type is automatically set either way to match the format of the generated body so you don't need to set it.

jfriend00
  • 683,504
  • 96
  • 985
  • 979