tags:

views:

263

answers:

2
Q: 

Meet with error -- "Updates are currently disallowed on GET requests"

Hello everyone,

I am using SharePoint Server 2007 Enterprise with Windows Server 2008 Enterprise. I have deployed a publishing portal. I am developing a ASP.Net web application using VSTS 2008 + C# + .Net 3.5 + ASP.Net + SharePoint Server 2007 SDK.

Here is my code snippets and I got error -- "Updates are currently disallowed on GET requests". Any ideas how to fix?

Microsoft.SharePoint.SPException: Updates are currently disallowed on GET requests. To allow updates on a GET, set the 'AllowUnsafeUpdates' property on SPWeb.

        protected void Page_Load(object sender, EventArgs e)
        {
            try
            {
                SPWebApplication webApp = SPContext.Current.Site.WebApplication;
                SPSiteCollection siteCollections = webApp.Sites;
                foreach (SPSite item in siteCollections)
                {
                    SPWeb webItem = item.OpenWeb();
                    webItem.AllowUnsafeUpdates = true;
                }

                SPSite newSiteCollection = siteCollections.Add("sites/myblog",
                    "New Sample Site", "New Sample Site Description", 1033, "BLOG#0",
                    "foo\\foouser", "Owner name", "[email protected]");
            }
            catch (Exception ex)
            {
                Response.Write(ex.ToString() + "\t" + ex.StackTrace);
            }
        }

thanks in advance, George

+1  A: 

Add a check to ensure that you are getting a POST instead of a GET before you attempt to allow updates. Make sure that whatever is making the change does it via a POST request rather than using URL parameters and a GET.

if (IsPostBack)
{
   ...
}
tvanfosson  2010-02-23 12:42:47
Add this if check to where?
George2  2010-02-23 13:07:47
Wrap everything inside the `try` block I would imagine, though if the request is being sent as a get, this will simply mean that it does nothing -- no exception, but no code executed either.
tvanfosson  2010-02-23 13:12:18
Why get method can not be used? I think from the error message, it means get can be used when we enable AllowUnsafeUpdates. Any comments?
George2  2010-02-23 13:18:16
+1  A: 

The problem why you are not allowed to read/write to database on GET request is because your code will be exploitable via a cross-site scripting. Read about AllowUnsafeUpdates consequences here.

Anyway, if you like, you can set this SPWeb.AllowUnsafeUpdates to true, but use it like this:

try {
  web.AllowUnsafeUpdates = true;
  ...
}
finally {
  web.AllowUnsafeUpdates = false;
}
Janis Veinbergs  2010-02-24 09:17:53
DO you mean if I put your code into try/catch block in Page_Load of aspx?
George2  2010-02-24 13:39:13
Yes, you wrap this code around where you call .Add method of SPSiteCollection object.And do not loop SPWeb objects setting AllowUnsafeUpdates to true (and you don't even call SPWeb.Dispose). See here: http://msdn.microsoft.com/en-us/library/aa973248.aspxSPSite iteself has AllowUnsafeUpdates property - you should probably use that.
Janis Veinbergs  2010-02-24 14:28:22
Thanks, question answered!
George2  2010-02-25 05:07:07

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?