此错误随机出现在我们的MVC应用中。有时做同样的事情,有时也不会。有没有人知道这是否与任何可能是简单修复的事情有关,或者这是很多人见过的常见事情?
System.InvalidOperationException: This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request. To allow GET requests, set JsonRequestBehavior to AllowGet.
at System.Web.Mvc.JsonResult.ExecuteResult(ControllerContext context)
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResult(ControllerContext controllerContext, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.b__11()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultFilter(IResultFilter filter, ResultExecutingContext preContext, Func`1 continuation)
at System.Web.Mvc.ControllerActionInvoker.<>c__DisplayClass14.<>c__DisplayClass16.b__13()
at System.Web.Mvc.ControllerActionInvoker.InvokeActionResultWithFilters(ControllerContext controllerContext, IList`1 filters, ActionResult actionResult)
at System.Web.Mvc.ControllerActionInvoker.InvokeAction(ControllerContext controllerContext, String actionName)
at System.Web.Mvc.Controller.ExecuteCore()
at System.Web.Mvc.ControllerBase.Execute(RequestContext requestContext)
at System.Web.Mvc.ControllerBase.System.Web.Mvc.IController.Execute(RequestContext requestContext)
at System.Web.Mvc.MvcHandler.<>c__DisplayClass8.b__4()
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass1.b__0()
at System.Web.Mvc.Async.AsyncResultWrapper.<>c__DisplayClass8`1.b__7(IAsyncResult _)
at System.Web.Mvc.Async.AsyncResultWrapper.WrappedAsyncResult`1.End()
at System.Web.Mvc.MvcHandler.EndProcessRequest(IAsyncResult asyncResult)
at System.Web.Mvc.MvcHandler.System.Web.IHttpAsyncHandler.EndProcessRequest(IAsyncResult result)
at System.Web.HttpApplication.CallHandlerExecutionStep.System.Web.HttpApplication.IExecutionStep.Execute()
at System.Web.HttpApplication.ExecuteStep(IExecutionStep step, Boolean& completedSynchronously)
答案 0 :(得分:120)
您的问题的答案在堆栈跟踪中。 “JsonRequestBehavior to AllowGet”
所以在你的Controller中使用它:
return Json(data, JsonRequestBehavior.AllowGet)
答案 1 :(得分:22)
在绕过这些安全控制之前,您应该阅读http://haacked.com/archive/2009/06/24/json-hijacking.aspx/。
如果您只是公开您的JSON数据以响应Http POST,那么您就不会受到此攻击。
您可以使用[HttpPost]简单地注释您的JSON操作,并在客户端执行类似
的操作$.post('/blag/JSON', function (data) {
//do something with my json data object here
});
答案 2 :(得分:4)
您似乎有时会根据HTTP GET调用控制器操作。为了能够返回JSON结果,您应该使用像
这样的代码return Json(data, JsonRequestBehavior.AllowGet);
答案 3 :(得分:-1)
return Json(PartialView("index").ToJsonObject(this), JsonRequestBehavior.AllowGet);