If you've been trying out Asp.Net MVC 2 you might come across this error:
This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request.
But it worked in MVC 1.0! There is a security vulnerability using JQuery AJAX GET requests (JSON Hijacking) and in MVC 2 get requests are blocked by default. You can get around the problem and leave the security problem by adding JsonRequestBehavior.AllowGet when you return the JSON result:
1: public JsonResult FindByCoordinates(string latitude, string longitude)
2: {
3: IList<Object> records = new List<Object>
4: {
5: new
6: {
7: Lat = "0.1122",
8: Long = "51.12212"
9: }
10: };
11:
12: return new JsonResult { Data = (records), JsonRequestBehavior = JsonRequestBehavior.AllowGet };
13: }
The better approach is to avoid the possibility of JSON hijacking and use JQuery post instead:
1: $.ajax({
2: type: "POST",
3: contentType: "application/json; charset=utf-8",
4: url: "/Home/FindEscortsByCoordinates",
5: ....
6: ....
Hope this helps anyone that comes across this.