Home > ASP.NET, Share Point > SharePoint: Updates are currently disallowed on GET requests

SharePoint: Updates are currently disallowed on GET requests

     When I need to set unique permissions to a SPListItem I usually use the code like the following:

using (SPSite spSite = new SPSite("some url"))
    using (SPWeb spWeb = spSite.OpenWeb())
        bool oldAllowUnsafeUpdates = spWeb.AllowUnsafeUpdates;
        spWeb.AllowUnsafeUpdates = true;

            SPList spList = spWeb.Lists["some list"];

            SPListItem spLisItem = spList.GetItemById(someId);

            SPRoleDefinition reader = spWeb.RoleDefinitions.GetByType(SPRoleType.Reader);
            SPGroup someGrp = spWeb.Groups["some group"];

            SPRoleAssignment roleAssignment = new SPRoleAssignment(someGrp);
            spListItem.RoleAssignments.Add(roleAssignment); // (***) exception

        catch (Exception ex)
            // logging

        spWeb.AllowUnsafeUpdates = oldAllowUnsafeUpdates;

     It works fine almost everywhere: in feature receivers, in jobs, in console applications and so on. But today I’ve found out that it doesn’t work correctly if it runs from aspx-page’s code-behind when we have GET request (Page.IsPostBack = false). In the line marked (***) I receives a traditional exception – “Updates are currently disallowed on GET requests. To allow updates on a GET, set the ‘AllowUnsafeUpdates’ property on SPWeb”. As you can see I set spWeb.AllowUnsafeUpdates to true and even do spWeb.Update() (though it’s unnecessary in most cases), but nothing helps. Wrapping this code in SPSecurity.RunWithElevatedPrivileges doesn’t help either.

     After debugging for a while I’ve noticed that spWeb.AllowUnsafeUpdates gets false after spLisItem.BreakRoleInheritance:

// here spWeb.AllowUnsafeUpdates = true
// here spWeb.AllowUnsafeUpdates = false

     It should be noted that the same happens when we have a POST request (Page.IsPostback = true), but in this case it doesn’t cause exception. Interestingly that we have some kind of special treatment for GET request here :)

     The reason of such behavior has been found, as usual, by means of .NET Reflector. Not going into details I say that the calling of BreakRoleInheritance leads to the calling of Invalidate() method of SPWeb. Let’s take a look at this method:

internal void Invalidate()
    if (this.m_Request != null)
        if (this.m_RequestOwnedByThisWeb)
        this.m_Request = null;
    this.m_bInited = false;
    this.m_bPublicPropertiesInited = false;
    this.m_Url = null;

     It looks like Invalidate releases some resources and cleans itself (m_bInited = false), in the same time, doesn’t dispose itself, but just provokes reinitializing during the next address to it. After reinitialization spWeb.AllowUnsafeUpdates turns into false. An evident workaround is to set true to spWeb.AllowUnsafeUpdates again after BreakRoleInheritance.

// some code is skipped
spWeb.AllowUnsafeUpdates = true;
// some code is skipped

     I think there are many methods, which can cause SPWeb.Invalidate, for example, ResetRoleInheritance does the same, and, in a few special cases, SPWeb.Update either. That is why be ready to add restoring of AllowUnsafeUpdates to true. I hope this post will save time for somebody.

Related posts:
  1. May 27th, 2011 at 03:49 | #1

    Thank you so much – Saved me some time

  2. Andreu
    April 10th, 2012 at 10:55 | #2

    Thanks a lot!
    I have found this problem when I was modifying a webpart that worked fine since today.

    Suddenly the “Updates are currently disallowed on GET requests” error begin to appear.. the problem was that I had moved the spWeb.AllowUnsafeUdates =true few lines up.

    Moving this line to its original position after the BreakroleInheritance call the error has desapear.


  3. Suresh T G
    June 12th, 2012 at 09:39 | #3

    Hi All,

    Am getting this Error when am updating the SpItem as below:
    NOTE: the Web object is initialized through Spcontrol.getConextWeb(context);

    this.Web.AllowUnsafeUpdates = true;
    this.Web.AllowUnsafeUpdates = false;

    so i finally changed the code as below its worked fine:

    spItemObeject.Web.AllowUnsafeUpdates = true;
    spItemObeject.Web.AllowUnsafeUpdates = false;


    Suresh T G

  4. Philipp
    April 11th, 2013 at 05:50 | #4

    Why do you call SPWeb.Update() anyway?

    • Admin
      April 11th, 2013 at 10:32 | #5

      In some cases it’s really necessary to call SPWeb.Update() otherwise the statement

      spWeb.AllowUnsafeUpdates = true

      doesn’t affect anything. So, the code with SPWeb.Update() is more universal and works everywhere.
      However, if in your particular case it works without SPWeb.Update(), remove it fearlessly.

  5. siddhesh
    February 11th, 2014 at 04:37 | #6

    Thanks so much.
    Great explanation.

  1. No trackbacks yet.