File tree 1 file changed +15
-2
lines changed
components/http_foundation
1 file changed +15
-2
lines changed Original file line number Diff line number Diff line change @@ -446,8 +446,20 @@ class, which can make this even easier::
446446 ));
447447
448448This encodes your array of data to JSON and sets the ``Content-Type `` header
449- to ``application/json ``. If you're using JSONP, you can set the callback
450- function that the data should be passed to::
449+ to ``application/json ``.
450+
451+ .. caution ::
452+
453+ To avoid `JSON Hijacking `_, you should pass an associative array as the
454+ outer-most array to ``JsonResponse `` and not an indexed array so that
455+ the final result is an object (e.g. ``{"object": "not inside an array"} ``)
456+ instead of an array (e.g. ``[{"object": "inside an array"}] ``).
457+
458+ JSONP Callback
459+ ~~~~~~~~~~~~~~
460+
461+ If you're using JSONP, you can set the callback function that the data should
462+ be passed to::
451463
452464 $response->setCallback('handleResponse');
453465
@@ -464,3 +476,4 @@ Session
464476The session information is in its own document: :doc: `/components/http_foundation/sessions `.
465477
466478.. _Packagist : https://packagist.org/packages/symfony/http-foundation
479+ .. _`JSON Hijacking` : http://haacked.com/archive/2009/06/25/json-hijacking.aspx
You can’t perform that action at this time.
0 commit comments