[Looking for Charlie's main web site?]

Sending HTTP headers in a CFHTTP request? Name them correctly

Note: This blog post is from 2011. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
If you ever try to use CFHTTPPARAM (inside a CFHTTP) to set HTTP headers for the request you're calling, be aware that you need to be careful to specify the name of the headers as they're known in the HTTP specification. Don't be misled by what you see in a CFML dump of the CGI scope.

(This is a reprisal and update of an old blog entry I'd done back in 2003, on a blog site that will soon no longer exist. I'll be reprising a few such blog entries in coming days/weeks, to keep them around for posterity [and to save some having to dig for them in the archive.org site] since often the info offered then may be just as valuable now. I hope that in time these new versions would come up if people do searches that would have found the old entry.)

So, about these http headers, while CFML exposes them in a dump of the CGI scope, such as the user-agent field which shows up as cgi.http_user_agent, the issue is that you would not use that name, nor even "user_agent", when specifying it in a CFHTTPPARAM. The proper way to pass the user agent in a CFHTTPPARAM would be as follows:

[....Continue Reading....]

Applying CF security hotfixes: do it from oldest to newest (depending!)

Note: This blog post is from 2011. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
If you may be applying several security hotfixes to a new implementation of CF (or one where none have been applied before), you may wonder if there's any significance to applying them in either chronological order (newest to oldest, or oldest to newest). The technotes don't really clarify this.

Update: Great news. It turns out that just days before I wrote this entry in late 2011, Adobe had in fact addressed and resolved this problem (quietly, I'd say) by making security fixes written from Dec 2011 (apsb11-29) on now have 2 sets of steps, one for if you HAD applied the security hotfix previous to it, and one for if you HAD NOT. And this has proven to be the case for the next few, as I write this update in late 2012. So we can now consider them effectively "cumulative", for those from Dec 2011, on. You need only focus on the latest, and follow either of its 2 provided sets of steps.

That said, I'm not 100% sure if all those from Dec 2011 include all ones prior to that. Has anyone tested things to know?

I'll leave the rest of the note below here for posterity, but stricken out.

[....Continue Reading....]

Copyright ©2020 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting