CODEWITHSUNDEEP
jqueryasp.net-mvcjson
slandau
slandau

Reputation: 24052

Json allowget error

This error comes up in our MVC app randomly. Sometimes doing the same exact thing it won't sometimes, it will. Does anyone know if this has to do with anything that could be a simple fix, or if this is something common that a lot of you have seen?

System.InvalidOperationException: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.
   at System.Web.Mvc.JsonResult.ExecuteResult(ControllerContext context)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext controllerContext, ActionResult actionResult)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.b__11()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
   at System.Web.Mvc.Controller.ExecuteCore()
   at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
   at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.b__4()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.b__0()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.b__7(IAsyncResult _)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Upvotes: 51

Views: 46463

Answers (4)

Farhad Manafi
Farhad Manafi

Reputation: 334

return Json(PartialView("index").ToJsonObject(this), JsonRequestBehavior.AllowGet);

Upvotes: -1

Yablargo
Yablargo

Reputation: 3596

You should read http://haacked.com/archive/2009/06/24/json-hijacking.aspx/ before bypassing these security controls.

If you only expose your JSON data in response to a Http POST, then you are not vulnerable to this attack.

You can simply annotate your JSON action with [HttpPost] and in the client do something like

$.post('/blag/JSON', function (data) {
       //do something with my json data object here

});

Upvotes: 22

Oleg
Oleg

Reputation: 221997

It seems that you call sometime the controller action per HTTP GET. To be able to return JSON results you should use code like

return Json(data, JsonRequestBehavior.AllowGet);

Upvotes: 4

Chandu
Chandu

Reputation: 82913

Answer for your question was in the stack trace. "JsonRequestBehavior to AllowGet"

So use it in your Controller as:

return Json(data, JsonRequestBehavior.AllowGet)

Upvotes: 121

Related Questions