tri_inn

JSON Hijacking and ASP.Net MVC

Mar 1 2015 12:29 PM
I was reading an article on web security at this URL: http://haacked.com/archive/2009/06/25/json-hijacking.aspx/

The person said that if any action method returns data in JSON format for a GET request, then a malicious user can do CSRF. He suggested that if we stop delivering JSON data for GET requests, then bad people cannot hijack our JSON.

My question is: if a hacker drops a jQuery script which makes an AJAX POST request, then the JSON will also be hijacked. So please tell me, after reading that article, what the person is trying to say, like delivering JSON for a POST request is invulnerable. The client auth cookie goes at the time of GET and POST methods too. Help me to understand how to stop JSON hijacking, and also why the author is saying POST is more secure than GET?


Answers (3)