Endpoint
public function index() {
$data = $this->request->getJSON();Source code (/codeigniter4/CodeIgniter4/system/HTTP/IncomingRequest.php)
public function getJSON(bool $assoc = false, int $depth = 512, int $options = 0) {
return json_decode($this->body, $assoc, $depth, $options);JSON Content-Type
Doesn't have built-in Content-Type checking functionality, attacker can use application/x-www-form-urlencoded Content-Type with JSON body.
Multipart Content-Type
Same as PHP