Dan posted on December 7, 2009 22:33

If you've been trying out ASP.NET MVC 2 you might come across this error:

This request has been blocked because sensitive information could be disclosed to third party web sites when this is used in a GET request.

But it worked in MVC 1.0! There is a security vulnerability (JSON hijacking) with jQuery AJAX GET requests, and in MVC 2 GET requests are blocked by default. You can get around the error, but leave the security problem in place, by adding JsonRequestBehavior.AllowGet when you return the JSON result:

    public JsonResult FindByCoordinates(string latitude, string longitude)
    {
        IList<Object> records = new List<Object>
            {
                new 
                    {
                        Lat = "0.1122",
                        Long = "51.12212"
                    }
            };

        // AllowGet re-enables GET for this result, so the JSON hijacking exposure remains.
        return new JsonResult { Data = (records), JsonRequestBehavior = JsonRequestBehavior.AllowGet };
    }

The better approach is to avoid the possibility of JSON hijacking and use a jQuery POST instead:

    $.ajax({
        type: "POST",
        contentType: "application/json; charset=utf-8",
        url: "/Home/FindEscortsByCoordinates",
        // ....
        // ....
    });
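The server side of the POST approach, as an added example that is not code from the original post: the action accepts only POST and returns its result through Controller.Json, which keeps the default DenyGet behaviour. The HomeController name is an assumption taken from the "/Home/..." URL above, and AcceptVerbs is used because it is available in both MVC 1 and MVC 2.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;

// Assumed controller name, inferred from the "/Home/..." URL in the jQuery call.
public class HomeController : Controller
{
    // The verb filter means only POST requests are dispatched to this action,
    // so the JSON is never served in response to a plain GET.
    [AcceptVerbs(HttpVerbs.Post)]
    public JsonResult FindByCoordinates(string latitude, string longitude)
    {
        // Same sample data as the action shown earlier in the post.
        IList<object> records = new List<object>
        {
            new { Lat = "0.1122", Long = "51.12212" }
        };

        // Json(object) leaves JsonRequestBehavior at its default, DenyGet.
        // If the verb filter is ever removed, a GET to this action fails with
        // the "This request has been blocked..." error instead of returning data.
        return Json(records);
    }
}
```

Keeping both the verb filter and the default DenyGet gives two independent checks: removing either one by mistake still leaves GET requests without a JSON response.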

Hope this helps anyone that comes across this.


Posted in: ASP.NET MVC

In my last refactoring post I demonstrated using the MVCContrib helper extension Html.ScriptInclude to help tidy up jscript files.

This time I'll show you another MVCContrib helper, Html.Stylesheet. As the name suggests, it works in the same way as ScriptInclude but for CSS stylesheets.

The key to this helper method is sticking with a convention of storing your CSS files in Content\Css.

Now in your master file use the following:

    <head runat="server">
        <title><asp:ContentPlaceHolder ID="TitleContent" runat="server" /></title>

        <%= Html.Stylesheet("Site.css") %>
        <%= Html.Stylesheet("jquery.cluetip.css")%>

        <%= Html.ScriptInclude("Jquery-1.3.2.js") %>
        <%= Html.ScriptInclude("Jquery-validate.js") %>
        <%= Html.ScriptInclude("Jquery-metadata.js") %>
        <%= Html.ScriptInclude("Jquery-cluetip.js") %>
        <%= Html.ScriptInclude("Jquery-example.js") %>
        <%= Html.ScriptInclude("jquery-ui-1.7.2.custom.min.js")%>
        <%= Html.ScriptInclude("Form.Common.OnLoad.js") %>
        <asp:ContentPlaceHolder ID="HeadContent" runat="server" />
    </head>

Now that looks much better!


Posted in: ASP.NET MVC
Dan posted on July 18, 2009 13:06

I came across this today and thought it was a very good list of useful articles:

http://www.ajaxline.com/25-plus-best-asp-net-mvc-tutorials-and-articles


Posted in: ASP.NET MVC

One of the conventions within the ASP.NET MVC framework is to store JavaScript files in the Scripts directory. There is nothing wrong with this, and when you reference your scripts you probably do something like:

<script type="text/javascript" src="/scripts/FormHelpers.js"></script>

If you’re not using MVC Contrib in your applications then download it now! 

 http://www.codeplex.com/MVCContrib

Once you reference the MVC Contrib assemblies you’ll have access to lots of goodies, one of which, relevant to this post, is the HTML helper extension Html.ScriptInclude. Using this helper refactors the output by removing duplication and encapsulating the script location in one place.

    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

    <html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
        <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />

        <%= Html.ScriptInclude("Jquery.js") %>
        <%= Html.ScriptInclude("Form.Helpers.js") %>
        <%= Html.ScriptInclude("Form.Common.OnLoad.js") %>

        <asp:ContentPlaceHolder ID="head" runat="server">
        </asp:ContentPlaceHolder>
    </head>

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2010 Dan Gibbons .Net Developer