I encountered the error “This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.” when I tried to return a JSON response from an MVC controller.
Here is the MVC controller method that returns the JSON response:

    public JsonResult GetUserClaims(string userID)
    {
        var response = _userManager.GetClaims(userID);
        // No JsonRequestBehavior argument: the default is DenyGet, so a GET request throws.
        return Json(response);
    }
Here is the reason for this exception:

By default, the ASP.NET MVC framework does not allow you to respond to an HTTP GET request with a JSON payload. If you need to send JSON in response to a GET, you'll need to explicitly allow the behavior by using JsonRequestBehavior.AllowGet as the second parameter to the Json method.

However, there is a chance that a malicious user can gain access to the JSON payload through a process known as JSON Hijacking. You do not want to return sensitive information using JSON in a GET request.
Here is the way to set JsonRequestBehavior to AllowGet for the JSON response:

    public JsonResult GetUserClaims(string userID)
    {
        var response = _userManager.GetClaims(userID);
        // Explicitly opt in to answering GET requests with JSON.
        return Json(response, JsonRequestBehavior.AllowGet);
    }
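
Because user claims are sensitive, an alternative to AllowGet is to keep the default and serve the data over POST. The following is an added example, not code from the original post; the IUserManager interface, the controller name and the GetSupportedLocales action are assumptions made for illustration.

```csharp
using System.Web.Mvc;

// Hypothetical abstraction standing in for the post's _userManager.
public interface IUserManager
{
    object GetClaims(string userID);
}

public class UserController : Controller
{
    private readonly IUserManager _userManager;

    public UserController(IUserManager userManager)
    {
        _userManager = userManager;
    }

    // Sensitive payload: reachable only via POST, so it cannot be pulled in
    // by a cross-site <script src="..."> include, which always issues a GET.
    [HttpPost]
    [ValidateAntiForgeryToken]
    public JsonResult GetUserClaims(string userID)
    {
        var response = _userManager.GetClaims(userID);
        // Default JsonRequestBehavior (DenyGet) is kept on purpose.
        // Wrapping the result in an object keeps the top-level JSON value
        // from being a bare array, the shape JSON Hijacking relied on.
        return Json(new { claims = response });
    }

    // Non-sensitive data can opt in to GET explicitly.
    [HttpGet]
    public JsonResult GetSupportedLocales()
    {
        var locales = new[] { "en-US", "de-DE" }; // constructed sample data
        return Json(new { locales }, JsonRequestBehavior.AllowGet);
    }
}
```

The client must send the anti-forgery token with the POST for the [ValidateAntiForgeryToken] check to pass.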