6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"How to prevent json hijack on mvc\",\"text\":\"

how to prevent json hijack on mvc?

\\n\\n

[PreventHijack]\\npublic JsonResult Check(int id)\\n{\\n   return Json(id, JsonRequestBehavior.AllowGet);\\n}\\n

\\n\\n

javascript

\\n\\n

$.ajax({\\n   url: \\\"/Controller/Check?id=1\\\",\\n   type: \\\"post\\\",\\n   success: function(data) {\\n   }\\n})\\n

\\n\\n

I don't want anyone to browse this jsonresult through the addressbar.\\nIs it possible to use the antiforgerytoken here?

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"valrecx\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","ajax",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/ajax/1","children":"ajax"}]}],["$","span","asp.net-mvc",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/asp.net-mvc/1","children":"asp.net-mvc"}]}],["$","span","json",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/json/1","children":"json"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://www.gravatar.com/avatar/3cb39fbb8cb112169b4508de3465b8eb?s=256&d=identicon&r=PG","alt":"valrecx","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/1097307/valrecx","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"valrecx"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",469]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"How to prevent json hijack on mvc"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

how to prevent json hijack on mvc?

\n\n

[PreventHijack]\npublic JsonResult Check(int id)\n{\n   return Json(id, JsonRequestBehavior.AllowGet);\n}\n

\n\n

javascript

\n\n

$.ajax({\n   url: \"/Controller/Check?id=1\",\n   type: \"post\",\n   success: function(data) {\n   }\n})\n

\n\n

I don't want anyone to browse this jsonresult through the addressbar.\nIs it possible to use the antiforgerytoken here?

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",980]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","9562476",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/xVPtR.jpg?s=256","alt":"Scott Weaver","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/244811/scott-weaver","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Scott Weaver"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",7361]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

You are explicitly allowing users to browse to the URL with JsonRequestBehavior.AllowGet. If you take that out, .NET will throw an error upon hitting that URL: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",1]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","15174911",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15174911","className":"text-blue-600 hover:underline","children":"Json Hijacking with Ajax Jquery post request"}]}],["$","li","101162",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/101162","className":"text-blue-600 hover:underline","children":"JSON and ASP.NET MVC"}]}],["$","li","2327007",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/2327007","className":"text-blue-600 hover:underline","children":"jQuery ASP.NET MVC JSON call hackable?"}]}],["$","li","21127657",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/21127657","className":"text-blue-600 hover:underline","children":"How to handle json repsonse in Ajax request"}]}],["$","li","19033385",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/19033385","className":"text-blue-600 hover:underline","children":"How to secure a JsonResult?"}]}],["$","li","1269106",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/1269106","className":"text-blue-600 hover:underline","children":"How do I prevent JSON serialization in ASP.NET MVC?"}]}],["$","li","15385427",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/15385427","className":"text-blue-600 hover:underline","children":"Securing JSON services"}]}],["$","li","10972059",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/10972059","className":"text-blue-600 hover:underline","children":"Securing JSON and ASP.NET MVC2"}]}],["$","li","7271581",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/7271581","className":"text-blue-600 hover:underline","children":"How best to secure Json requests in Mvc app?"}]}],["$","li","4023243",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/4023243","className":"text-blue-600 hover:underline","children":"Security Request for JSon Result in Asp.Net MVc"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

How to prevent json hijack on mvc

Answers (1)

Related Questions