Home Library Learn Downloads Support Community
Sign in | United States - English | |
1 out of 4 rated this helpful - Rate this topic

JsonRequestBehavior Enumeration

.NET Framework 4

Specifies whether HTTP GET requests from the client are allowed.

Namespace:  System.Web.Mvc
Assembly:  System.Web.Mvc (in System.Web.Mvc.dll)
C#
C++
VB
Copy 
public enum JsonRequestBehavior
Member name Description
AllowGet HTTP GET requests from the client are allowed.
DenyGet HTTP GET requests from the client are not allowed.

The default value is DenyGet. Allowing GET requests can result in a user visiting one Web site while still logged into another Web site. This can create an information-disclosure security vulnerability. For information about this vulnerability, see the entry JSON Hijacking on Phil Haack's blog.

Did you find this helpful?
(1500 characters remaining)
Community Content Add
Annotations FAQ
Broken link
The link to Phil Haack's blog is broken. Here is the correct (at the time I'm writting this) one: http://haacked.com/archive/2009/06/25/json-hijacking.aspx
History