Json allowget error

jquery json asp.net-mvc

This error comes up in our MVC app randomly. Sometimes doing the same exact thing it won't sometimes, it will. Does anyone know if this has to do with anything that could be a simple fix, or if this is something common that a lot of you have seen?

System.InvalidOperationException: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.
   at System.Web.Mvc.JsonResult.ExecuteResult(ControllerContext context)
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext controllerContext, ActionResult actionResult)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.b__11()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
   at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
   at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
   at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
   at System.Web.Mvc.Controller.ExecuteCore()
   at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
   at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
   at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.b__4()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.b__0()
   at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.b__7(IAsyncResult _)
   at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
   at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
   at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
   at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
   at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)

Solution 1:

Answer for your question was in the stack trace. "JsonRequestBehavior to AllowGet"

So use it in your Controller as:

return Json(data, JsonRequestBehavior.AllowGet)

Solution 2:

You should read http://haacked.com/archive/2009/06/24/json-hijacking.aspx/ before bypassing these security controls.

If you only expose your JSON data in response to a Http POST, then you are not vulnerable to this attack.

You can simply annotate your JSON action with [HttpPost] and in the client do something like

$.post('/blag/JSON', function (data) {
       //do something with my json data object here

});

Solution 3:

It seems that you call sometime the controller action per HTTP GET. To be able to return JSON results you should use code like

return Json(data, JsonRequestBehavior.AllowGet);

Related

PHP class not found but it's included
Suppress console output during RSpec tests
get datatype of column using pyspark
jquery UI sortable: how can I change the appearance of the "placeholder" object?
C++ - struct vs. class [duplicate]
Link entire table row? [duplicate]
jQuery select element in parent window
Sending JSON using the django test client
Cannot push to git repository - permission denied
Bootstrap modal not displaying
How can I clear the terminal screen in Go?
How I can retrieve current fragment in NavHostFragment?