http://coldfusion.com logo
Join Slack
Powered by
I have an old ACF 9 server running as an API to ou...
# adobe
c
I have an old ACF 9 server running as an API to our ERP system. It’s an old unsupported system that needs 32-bit COM support and ver 9 was the last one I could get to work. The system is isolated and only accessed via our internal network. Error emails stopped working a long time ago. Anyways, Starting this morning cfhttp calls to it are not passing cfhttpparams to the ACF 9 server. cfhttp( charset="utf-8", url=http://#util.getSystemSetting(EVEREST")#/item.cfc?wsdl&method=deactivate", result="item", method="POST" ) { cfhttpparam( name="itemCode", type="formfield", value=row.ITEMNO ); } This same line of code was working perfectly last week, now it is not. This is the error we are getting
Copy code
The ITEMCODE parameter to the deactivate function is required but was not passed in.
 Root Cause: coldfusion.runtime.MissingArgumentException: The ITEMCODE parameter to the deactivate function is required but was not passed in.
Have there been any updates to ACF@2021 in relation to http calls?
s
Is it safe to assume that you have already checked the data in row.ITEMNO to ensure that it is not passing an empty value or anything like that?
c
Yes, and I tried a second similar function with a good value and it had the same issue.
When a commandbox docker image spins up I believe it downloads fresh files from adobe, but I can't seem to find any info on updates or changes.
s
so on the "client" side the data is being sent correctly.. have you also done a dump or trace of the form scope on the cf9 server side to see how that parameter is coming across?
on the server side is your function set up to reciev specific httpmethods?
does it work if you use a get cfhttp request and pass the itemCode in the url params?
c
The form scope is empty on the cf9 side. I will try with a url var.
s
wierd... I am not aware of any changes to cfhttp/cfhttpparam that would cause it to not show up in the form scope... could there be something in your onrequeststart or other application.cfm/cfc code that could be clearing out the form scope?
(also possible there were some changes I am not aware of)
c
Seems to work fine as a URL value. I'm not sure what the difference would be?
Copy code
cfhttp( charset="utf-8", url="http://#util.getSystemSetting("EVEREST")#/item.cfc?wsdl&method=deactivate", result="item", method="POST" ) {
						cfhttpparam( name="itemCode", type="url", value=row.ITEMNO );
					}
s
as far as I know it should check both scopes when you hit it via http like that unless your function specifies a particular httpmethod
c
This new code works fine
s
ok... it's still wierd that your form scope was empty but at least you got it working.... I'll leave it to the smarter people than me to see if someone can explain why
πŸ‘ 1
c
Thanks for your help, now the trick is to get someone @ adobe to help. @priyank_adobe @Mark Takata (Adobe)
s
Yeah, this is definitly a duct tape and paper clips type of solution
c
Are there any potential issues with using URL fields instead of form fields?
s
assuming this is just a simple value then not likely, unless you have other code expecting that parameter in the form scope
c
The endpoint is a CFC and the code is using arguments
s
that is what I assumed.... but you never know what people will do... I've come accross code with form scope refrences within cfc functions
not everyone makes the best choices
πŸ˜† 1
c
So I think it should be fine. Just wondering about the security of URL vs FORM (as I'm sending it to a CF9 server 😬)
s
is it over https?
this url doesn't appear to be something that gets exposed in a browser or anything
so you should be fine
c
No, I might change that though.
It's one of those "if it ain't broke". It is only internally accessible though.
s
yeah, that is what I am thinking.... if you end up exposing this cf9 api to the public, that is where you will probably want to start taking security more seriously and upgrade your server
otherwise I would consider it "mitigated by design"
I would also definitely switch from http to https in that case too .... looks like http is hard coded now
c
This is a old unsupported ERP that needs a 32 COM API. So not able to upgrade the API. We are planning to upgrade the ERP in the next 2 years.
m
Good lord my phone is blowing up lol, what exactly is the ask here?
s
you could set up a firewall on your API to whitelist the IPs of the client servers
c
@Scott Bennett That is currently the setup
πŸ‘ 1
@Mark Takata (Adobe) cfhttpparams type form field just stopped being passed over http to a ACF9 server. Worked perfectly fine last week and when I change the type to url that fixes it
s
This used to work then stopped sending the variable:
Copy code
cfhttpparam( name="itemCode", type="formfield", value=row.ITEMNO );
changing the type to url got it to pass the value to the cfc
Copy code
cfhttpparam( name="itemCode", type="url", value=row.ITEMNO );
any changes to cfhttp/cfhttpparam recently?
m
In CF9? Pretty sure no changes, no.
c
No, in cf2021
s
client side (cfhttp) is 2021, receiving side is cf9
c
Might be a TLS issue?
s
you are using http
c
oh, that's right
Unless they are depreciating regular http in favor of https?
m
My first instinct would be to check all your certificates. Also TLS1 got killed in a lot of places, so I'm wondering if the web server is seeing an old protocol and is blowing up. Did you update anything serverwise anywhere?
Also what is update version on cf2021?
s
This request is http not https.... Cavan you can probably dump the cgi scope on the cf9 side to see if it is being switched over to ssl or something. it possible your cf9 server is redirecting the request at the web server level?
c
This app is running on commandbox docker. I believe it pulls fresh files from adobe on every start. This is a http request.
m
And did the issue begin occurring right after a cf update?
c
I don't believe so
s
maybe a command box issue?
m
Command box Docker using which image? The official Adobe? Also on aws or Docker hub?
c
Maybe, I asked in box-products too
This image ortussolutions/commandbox:adobe2021
@jclausen Would any of the recent commandbox docker updates have caused cfhttpparam type form to no longer be passed over http?
j
None at all that I can think of.
c
@Scott Bennett @Mark Takata (Adobe) Little update on this. Enabling TLS 1.2 and adding SSL to the CF9 Server in question allows FORMFIELDS to pass with the request. This resolves the issue.
πŸ‘ 2
Open in Slack
PreviousNext
Powered by