tracker issue : CF-4203068

select a category, or use search below
(searches all categories and all time range)
Title:

Dockable debugger template loads images from CIDE

| View in Tracker

Status/Resolution/Reason: To Fix//BugReVerified

Reporter/Name(from Bugbase): Bradley Wood / ()

Created: 07/11/2018

Components: Debugging

Versions: 2016,13.0

Failure Type: Others

Found In Build/Fixed In Build: Final /

Priority/Frequency: Normal /

Locale/System: / Platforms All

Vote Count: 2

In 2016 we were told that we could block CFIDE from public access and all static assets could be controlled from the cf scripts default directory which was configurable.  However, when you chose the "dockable.cfm" debugging output setting, there are requests to images such as:

http://servername/CFIDE/debug/images/bgleft.gif

These appear to be hard coded to point to CFIDE and don't obey the scripts setting.  This means that there is no way for these images to work on a server that's had the CFIDE folder properly locked down.

Attachments:

Comments:

Hi Brad, I tried to reproduce this. When I choose "dockable.cfm" , I did not see any network call to the CFIDE->debug->Images. Can you tell me which all changes on CF Administrator leads to the mentioned network call? Meanwhile, I am also checking the requirement for these static image files on CF Admin pages.  1) If yes, there are calls happening to these static files->  They should be moved to cf_scripts folder. 2) if no, there are no calls happening to these static files-> They should not be present then. Thanks -Poonam
Comment by Poonam Jain
29290 | July 12, 2018 05:37:57 AM GMT
Hi Poonam, can you check your browser debugging tab to see if you've filtered the types of requests that show up? I'm seeing these images plain as day. For instance, when I use the dockable view, I see: /CFIDE/debug/images/none.gif /CFIDE/debug/images/open.gif And even when I change to the default "classic.cfm" template I see this: /CFIDE/debug/images/topdoc.gif This is a 2016 server started by CommandBox: server start cfengine=adobe@2016
Comment by Bradley Wood
29296 | July 12, 2018 05:33:56 PM GMT
Hi Brad, There is no filtration applied in my browser debugging tab. I also tried with three different browsers. Let me check this with CommandBox installation and will get back to you, Thanks Poonam  
Comment by Poonam Jain
29336 | July 13, 2018 04:43:16 AM GMT
Hi Poonam, Confirmed. CF2016's dockable.cfm makes network requests to: - /CFIDE/debug/images/none.gif (the "-" icon) - /CFIDE/debug/images/open.gif (the "+" icon) - /CFIDE/debug/images/topdoc.gif (the paper icon seen when expanding "Execution Times" CF2016's classic.cfm makes network request to: - /CFIDE/debug/images/topdoc.gif (the paper icon seen when in the "Execution Time" section) And.... 2018.0.0.310608's classic.cfm & dockable.cfm completely fail!! No debug output at all when "Enable Request Debugging Output" is enabled. Am I missing something?? Thanks!, -Aaron
Comment by Aaron Neff
29337 | July 14, 2018 07:20:31 AM GMT
wish I could edit comment.. "the paper icon seen when in the "Execution Time" section" should've been "the paper icon seen in the "Execution Time" section"
Comment by Aaron Neff
29338 | July 14, 2018 07:21:49 AM GMT
+1 ………..
Vote by Aaron Neff
29341 | July 14, 2018 07:22:12 AM GMT
Oh! I am able to repro this. Missed the network calls for the new browser windows opened. My bad. Yes, this is clearly an issue. These images should obey the cfscripts settings. Moving this to Tofix. Thanks Aaron and Brad!  
Comment by Poonam Jain
29339 | July 17, 2018 06:36:00 AM GMT
Thanks for the note.
Comment by Bradley Wood
29340 | July 17, 2018 06:46:12 AM GMT