[Looking for Charlie's main web site?]

Sending HTTP headers in a CFHTTP request? Name them correctly

Note: This blog post is from 2011. Some content may be outdated--though not necessarily. Same with links and subsequent comments from myself or others. Corrections are welcome, in the comments. And I may revise the content as necessary.
If you ever try to use CFHTTPPARAM (inside a CFHTTP) to set HTTP headers for the request you're calling, be aware that you need to be careful to specify the name of the headers as they're known in the HTTP specification. Don't be misled by what you see in a CFML dump of the CGI scope.

(This is a reprisal and update of an old blog entry I'd done back in 2003, on a blog site that will soon no longer exist. I'll be reprising a few such blog entries in coming days/weeks, to keep them around for posterity [and to save some having to dig for them in the archive.org site] since often the info offered then may be just as valuable now. I hope that in time these new versions would come up if people do searches that would have found the old entry.)

So, about these http headers, while CFML exposes them in a dump of the CGI scope, such as the user-agent field which shows up as cgi.http_user_agent, the issue is that you would not use that name, nor even "user_agent", when specifying it in a CFHTTPPARAM. The proper way to pass the user agent in a CFHTTPPARAM would be as follows:

<cfhttpparam name="user-agent" value="somevalue" type="CGI">

Why is this an issue, and how may it happen?

An easy mistake to be lulled into

The point is that the name of the header you specify must be a name that is correct according to the http specifications, not the headername as it appears in CFML when you dump the CGI scope. The problem is that CF tries to "help" you by how it labels the headers in these scopes, but it does not show them in the actual name you must specify if you're going to be sending it in a CFHTTPPARAM request.

It's is an easy mistake to be lulled into, especially if you aren't careful to confirm the results in the page you are calling. And if you are trying to call some non-CF server, and things aren't working, this may well be the reason.

Other possible headers of interest

Other headers of possible interest that you may want to specify when doing a CFHTTP request are Accept, Accept-Encoding, Referer, and so on. So if you were wanting to send/spoof what CF would show as the cgi.http_referer variable, you'd want to send it with the name just as "referer".

Alternative type="cgi" and type="header"

FWIW, note that I am using here the type="CGI" value. CFML also supports a type="header". The difference is in whether CF urlencodes the result before sending it (it does not for type="header"), which could be another issue to consider. This encoding can also be turned on or off with the available "encoded" attribute, at least for type="cgi".

Yes, you don't need to use cfhttpparam for sending the user agent

Finally, someone may want to point out that you don't even need to use CFHTTPPARAM to send the user agent, since CFHTTP offers a separate built-in USERAGENT attribute which can be used instead. Yes, this is do.

I suspect it's an older approach that either existed before CFHTTPPARAM permitted passing it, or it was put in as a shortcut.

But the point of this entry is that if you do need to set this or any other headers within the CFHTTPPARAM, be aware of using the correct http header name.

For more content like this: Need more help with problems?
  • If you may prefer direct help, rather than digging around here/elsewhere or via comments, I can help via my consulting services
  • See that for more on how I can help a) over the web, safely and securely, b) usually very quickly, c) teaching you as we go, and d) with satisfaction guaranteed
Comments
Copyright ©2019 Charlie Arehart
Carehart Logo
BlogCFC was created by Raymond Camden. This blog is running version 5.005.
(Want to validate the html in this page?)

Managed Hosting Services provided by
Managed Dedicated Hosting