What 'sensitive information' could be disclosed when setting JsonRequestBehavior to AllowGet

A. Murray picture A. Murray · Jan 30, 2014 · Viewed 94.3k times · Source

I've been getting the same old error every time I test a new URL from my browser's address bar when I'm returning Json (using the built-in MVC JsonResult helper):

This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.

Rather than grunt in acknowledgement and fire up Fiddler to do a post request, this time, I'm wondering exactly what it is that a GET request exposes that a POST request doesn't?

Answer

OldTrain picture OldTrain · May 18, 2015

in your return use the following:

return this.Json("you result", JsonRequestBehavior.AllowGet);