Set JsonRequestBehavior to AllowGet
Date Published: 23 September 2011
If you’re working with ASP.NET MVC and JsonResult, you may encounter this error:
This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.InvalidOperationException: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.
Source Error:
An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.
Stack Trace:
[InvalidOperationException: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.]
System.Web.Mvc.JsonResult.ExecuteResult(ControllerContext context) +325809
System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext controllerContext, ActionResult actionResult) +13
System.Web.Mvc.<>c__DisplayClass1c.<InvokeActionResultWithFilters>b__19() +23
System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation) +260
System.Web.Mvc.<>c__DisplayClass1e.<InvokeActionResultWithFilters>b__1b() +19
System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult) +177
System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName) +343
System.Web.Mvc.Controller.ExecuteCore() +116
As error messages go, it’s pretty nice that it tells you what you need to do to fix the problem. Unfortunately, it doesn’t tell you how or where to set JsonRequestBehavior to AllowGet. A quick search turned up this post, which shows the syntax you need. When you’re in a controller action that returns a JsonResult, you typically just return Json(foo) to use the default serializer. If you want to AllowGet for this action, simply pass in a second parameter with JsonRequestBehavior.AllowGet, like so:
{
// get the data
return Json(theData, JsonRequestBehavior.AllowGet);
}
If you never want to block GET requests, first be sure you know why they’re being blocked, for security reasons. Then, you can simply override the Json() method in a BaseController class that inherits from Controller, and then have you controllers inherit from your BaseController. The override would look something like this (also from this post):
protected override JsonResult Json(object data,
string contentType,
System.Text.Encoding contentEncoding)
{
return Json(data, contentType, JsonRequestBehavior.AllowGet);
}
Tags - Browse all tags
Category - Browse all categories
About Ardalis
Software Architect
Steve is an experienced software architect and trainer, focusing on code quality and Domain-Driven Design with .NET.