What ‘sensitive information’ could be disclosed when setting JsonRequestBehavior to AllowGet
in your return use the following: return this.Json(“you result”, JsonRequestBehavior.AllowGet);
http-get
Is GET data also encrypted in HTTPS?
The entire request is encrypted, including the URL, and even the command (GET). The only thing an intervening party such as a proxy server can glean is the destination address and port. Note, however, that the Client Hello packet of a TLS handshake can advertise the fully qualified domain name in plaintext via the SNI … Read more
Is there a limit to the length of a GET request? [duplicate]
Not in the RFC, no, but there are practical limits. The HTTP protocol does not place any a priori limit on the length of a URI. Servers MUST be able to handle the URI of any resource they serve, and SHOULD be able to handle URIs of unbounded length if they provide GET-based forms that … Read more
Cache an HTTP ‘Get’ service response in AngularJS?
Angular’s $http has a cache built in. According to the docs: cache – {boolean|Object} – A boolean value or object created with $cacheFactory to enable or disable caching of the HTTP response. See $http Caching for more information. Boolean value So you can set cache to true in its options: $http.get(url, { cache: true}).success(…); or, … Read more
When submitting a GET form, the query string is removed from the action URL
Isn’t that what hidden parameters are for to start with…? <form action=”http://www.example.com” method=”GET”> <input type=”hidden” name=”a” value=”1″ /> <input type=”hidden” name=”b” value=”2″ /> <input type=”hidden” name=”c” value=”3″ /> <input type=”submit” /> </form> I wouldn’t count on any browser retaining any existing query string in the action URL. As the specifications (RFC1866, page 46; HTML 4.x … Read more
Why am I getting an OPTIONS request instead of a GET request?
According to MDN, Preflighted requests Unlike simple requests (discussed above), “preflighted” requests first send an HTTP OPTIONS request header to the resource on the other domain, in order to determine whether the actual request is safe to send. Cross-site requests are preflighted like this since they may have implications to user data. In particular, a … Read more
When do you use POST and when do you use GET?
Use POST for destructive actions such as creation (I’m aware of the irony), editing, and deletion, because you can’t hit a POST action in the address bar of your browser. Use GET when it’s safe to allow a person to call an action. So a URL like: http://myblog.org/admin/posts/delete/357 Should bring you to a confirmation page, … Read more
Are querystring parameters secure in HTTPS (HTTP + SSL)? [duplicate]
Yes. The querystring is also encrypted with SSL. Nevertheless, as this article shows, it isn’t a good idea to put sensitive information in the URL. For example: URLs are stored in web server logs – typically the whole URL of each request is stored in a server log. This means that any sensitive data in … Read more
OS X: equivalent of Linux’s wget
I’m going to have to say curl http://127.0.0.1:8000 -o outfile
HTTP GET request in JavaScript?
Browsers (and Dashcode) provide an XMLHttpRequest object which can be used to make HTTP requests from JavaScript: function httpGet(theUrl) { var xmlHttp = new XMLHttpRequest(); xmlHttp.open( “GET”, theUrl, false ); // false for synchronous request xmlHttp.send( null ); return xmlHttp.responseText; } However, synchronous requests are discouraged and will generate a warning along the lines of: … Read more