asp.net - Why are GET requests returning JSON disallowed by default?

Question

Welcome To Ask or Share your Answers For Others

asp.net - Why are GET requests returning JSON disallowed by default?

asked Oct 24, 2021 in Technique[技术] by 深蓝 (71.8m points)

asp.net - Why are GET requests returning JSON disallowed by default?

As part of the ASP.NET MVC 2 Beta 2 update, JSON GET requests are disallowed by default. It appears that you need to set the JsonRequestBehavior field to JsonRequestBehavior.AllowGet before returning a JsonResult object from your controller.

public JsonResult IsEmailValid(...)
{
    JsonResult result = new JsonResult();

    result.Data = ..... ;
    result.JsonRequestBehavior = JsonRequestBehavior.AllowGet;

    return result;
}

What is the reasoning behind this? If I am using JSON GET to try and do some remote validation, should I be using a different technique instead?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Answer

深蓝 · Answer 1 · 2021-10-23T19:02:51+0000

The reason for the DenyGet default is on MSDN with a link to Phil Haack's blog for further details. Looks like a Cross-Site scripting vulnerability.

Categories

asp.net - Why are GET requests returning JSON disallowed by default?

asp.net - Why are GET requests returning JSON disallowed by default?

Please log in or register to add a comment.

Please log in or register to answer this question.

1 Answer

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags