What 'sensitive information' could be disclosed when setting JsonRequestBehavior to AllowGet

asp.net-mvc json security http-post http-get
A. Murray picture A. Murray · Jan 30, 2014 · Viewed 94.3k times · Source

I've been getting the same old error every time I test a new URL from my browser's address bar when I'm returning Json (using the built-in MVC JsonResult helper):

This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.

Rather than grunt in acknowledgement and fire up Fiddler to do a post request, this time, I'm wondering exactly what it is that a GET request exposes that a POST request doesn't?

Answer

OldTrain picture OldTrain · May 18, 2015

in your return use the following:

return this.Json("you result", JsonRequestBehavior.AllowGet);

Related questions

Send JSON data via POST (ajax) and receive json response from Controller (MVC)

I created a function in javascript like that: function addNewManufacturer() { var name = $("#id-manuf-name").val(); var address = $("#id-manuf-address").val(); var phone = $("#id-manuf-phone").val(); var sendInfo = { Name: name, Address: address, Phone: phone }; $.ajax({ type: "POST", url: "/Home/Add", dataType: "json", success: function (…

Read More
How to pass json POST data to Web API method as an object?

ASP.NET MVC4 Web API application defines post method to save customer. Customer is passed in json format in POST request body. Customer parameter in post method contains null values for properties. How to fix this so that posted data …

Read More
Can I set an unlimited length for maxJsonLength in web.config?

I am using the autocomplete feature of jQuery. When I try to retrieve the list of more then 17000 records (each won't have more than 10 char length), it's exceeding the length and throws the error: Exception information: Exception type: InvalidOperationException Exception …

Read More