This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.
What the heck?A quick Google turned up a couple articles about MVC 2's new JsonRequestBehavior, and specifically the MSDN article (the link to Haack is dead, so here's a good one). Ok, good to know. I wasn't aware of that vulnerability, but in the mean time I need this project working.
I could modify the actions to call a Json overload which accepts the JsonRequestBehavior.
return Json(myjson, JsonRequestBehavior.AllowGet);
But since I have somewhere between 50-80 Json actions in this app, that would be a lot of find-replace. Plus, when I finish modifying my client library to use POST requests, I would have to do it all over again. A one stop solution would be much preferable.
If your project already uses a base controller class, you can do one simple override:
protected override JsonResult Json(object data, string contentType,
Encoding contentEncoding, JsonRequestBehavior behavior)
{
// TODO: change all my GET Json request into POST
return base.Json(data, contentType, contentEncoding,
JsonRequestBehavior.AllowGet);
}