JSON Issue: This request has been blocked because sensitive information – MVC

Hey everyone,

Started redoing Learner Lessons in MVC4 and AngularJS today. I ran into this little issue while trying to retrieve JSON:

This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet

It turns out that this behavious is intentionally prevented in order to avoid JSON hijacking. Thankfully the data I’m working with is not at all sensitive so the workaround is pretty straight forward:

public ActionResult Index()
{
     return Json(db.Regions.ToList(), JsonRequestBehavior.AllowGet);
}

Source: http://stackoverflow.com/a/4616442/522859

For those of you working with sensitive data that don’t want to risk exposing it, posting is suggested as an alternative on StackOverflow: http://stackoverflow.com/a/6440163/522859

Leave a Reply