Set JsonRequestBehavior to AllowGet

Sep 23 2011 4:58 AM

If you’re working with ASP.NET MVC and JsonResult, you may encounter this error:

This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.
Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace: 

[InvalidOperationException: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.]
   System.Web.Mvc.JsonResult.ExecuteResult(ControllerContext context) +325809
   System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext controllerContext, ActionResult actionResult) +13
   System.Web.Mvc.<>c__DisplayClass1c.<InvokeActionResultWithFilters>b__19() +23
   System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation) +260
   System.Web.Mvc.<>c__DisplayClass1e.<InvokeActionResultWithFilters>b__1b() +19
   System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation) +260
   System.Web.Mvc.<>c__DisplayClass1e.<InvokeActionResultWithFilters>b__1b() +19
   System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) +177
   System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +343
   System.Web.Mvc.Controller.ExecuteCore() +116
 

As error messages go, it’s pretty nice that it tells you what you need to do to fix the problem. Unfortunately, it doesn’t tell you how or where to set JsonRequestBehavior to AllowGet. A quick search turned up this post, which shows the syntax you need.  When you’re in a controller action that returns a JsonResult, you typically just return Json(foo) to use the default serializer.  If you want to AllowGet for this action, simply pass in a second parameter with JsonRequestBehavior.AllowGet, like so:

public JsonResult GetData()
{
  // get the data
  return Json(theData, JsonRequestBehavior.AllowGet);
}


If you never want to block GET requests, first be sure you know why they’re being blocked, for security reasons.  Then, you can simply override the Json() method in a BaseController class that inherits from Controller, and then have you controllers inherit from your BaseController.  The override would look something like this (also from this post):




protected override JsonResult Json(object data, 
    string contentType, 
    System.Text.Encoding contentEncoding) 
{ 
    return Json(data, contentType, JsonRequestBehavior.AllowGet); 
} 


    

        

        
        
        blog comments powered by Disqus