Specifies whether HTTP GET requests from the client are allowed.
Assembly: System.Web.Mvc (in System.Web.Mvc.dll)
HTTP GET requests from the client are allowed.
HTTP GET requests from the client are not allowed.
Return to top
The default value is JSON Hijacking on Phil Haack's blog.. Allowing GET requests can result in a user visiting one Web site while still logged into another Web site. This can create an information-disclosure security vulnerability. For information about this vulnerability, see the entry