tracker issue : CF-4204069

select a category, or use search below
(searches all categories and all time range)
Title:

CFHTTP method "get" not getting correct mime type after hot fix

| View in Tracker

Status/Resolution/Reason: To Test//Fixed

Reporter/Name(from Bugbase): Kevin B. / ()

Created: 03/06/2019

Components: Security, General

Versions: 2016,11.0,2018

Failure Type: Non Functioning

Found In Build/Fixed In Build: 1 /

Priority/Frequency: Normal / All users will encounter

Locale/System: English / Win 2012 Server x64

Vote Count: 1

Problem Description: After the last hot fix, CFHTTP "get" method is throwing a 400 error on requests with username/password.

Steps to Reproduce: 
<cfhttp 
url="#mearestservers['url']#" 
method="get" 
result="r2" 
timeout="20" 
username="xxxxxxxxx" 
password="xxxxxxx">
</cfhttp>

Actual Result: Error 400: unable to process request psdi.util.MXSystemException

Expected Result: JSON result

Any Workarounds: None

Attachments:

Comments:

This problem exists in CF 2016 Update 10 and CF 2018 Update 3. It was not present before the hot fix.
Comment by Kevin B.
30441 | March 06, 2019 05:20:07 PM GMT
One more comment, when I view the REST URL in a web browser, it gets the JSON as expected.
Comment by Kevin B.
30442 | March 06, 2019 05:31:10 PM GMT
I am seeing the same problem, thanks!
Comment by Walker P.
30443 | March 06, 2019 05:34:08 PM GMT
Hi Kevin , We have a repro for CF 11 update 16 . But we are unable to reproduce the issue on CF 2016 & CF 2018. This is the code that we are using: {code:java} <cfhttp url="https://xxxxxxxxxxxxxxxxxx.xxxxx.xxxxx/execute?Distance=%7Bdistance%3A0.50%2Cunits%3AesriMiles%7D&BufferPoint={sr:{wkid:2914},geometryType:esriGeometryPoint,features:[{geometry:{x:4288581,y:872909,spatialReference:{wkid:2914}}}]}&f=pjson" method="get" timeout="380" > </cfhttp> <cfdump var = "#CFHTTP#"> {code} Let us know if you are facing the issue on all the three version. It would be great if you can give us a repro code.   Thanks, Suchika
Comment by Suchika S.
30491 | March 13, 2019 11:06:04 AM GMT
This issue is reproducible in CF 11. I am not able to repro it on CF 2016 & 2018 . 
Comment by Suchika S.
30492 | March 13, 2019 11:07:21 AM GMT
The code I provided is what is reproducible in CF2016 and CF2018. We do not use CF11, so I can't speak to that. It is not complex code (see again below). When we rolled back the hot fix, the code again works. Note, like you we are using https, but we are also authenticating with basic authentication (my example had a username/password). When we run the code below with the latest hot fix, we get the following response back: "Error 400: unable to process request psdi.util.MXSystemException". When we run the URL in a browser, we see the properly formatted JSON code. <cfhttp url="https://*************/rest%2Fmbo%2Fperson%2F%3F_includecols%3Dpersonid%2Cfirstname%2Clastname%26_format%3Djson%26_compact%3D1%26_uw%3Dpersonid%20in%20(%0A%09%09%09%09select%20personid%0A%09%09%09%09from%20maxuser%0A%09%09%09%09where%20upper(loginid)%20%3D%20%27LOGINIDGOESHERE%27%0A%09%09%09)%26_dropnulls%3Dfalse" method="get" result="r" timeout="60" username="*********" password="*********"> </cfhttp> <cfdump var=#r#>
Comment by Kevin B.
30494 | March 13, 2019 02:02:14 PM GMT
Suchika - Did the hot fix make some change to CFHTTP that would cause responses to look malformed? Is there a work around I can try?
Comment by Kevin B.
30504 | March 14, 2019 01:06:14 PM GMT
Hi Kevin, We need some information from your end for us to reproduce the issue. Can you let us know what environment is CF running in , standalone/JEE ? What JDK are you using?  You told us that the service hosted is running on SSL with basic authentication , is your CF also running on HTTPS ? Thanks, Suchika
Comment by Suchika S.
30526 | March 18, 2019 09:34:11 AM GMT
Sure. Our servers are running in Windows 2012 R2, with multiple JEE instances of ColdFusion 2016. The JDK running is 1.8.0_181. ColdFusion with IIS is running all traffic through SSL (port 443). On my development machines, I also have the same issue. I am running Windows 10 in standalone ColdFusion 2018. The Java version is 10.0.1. In this environment ColdFusion with IIS is not using SSL, but is using regular HTTP (port 80). Both these examples were running fine prior to the hotfix. When we uninstalled (rolled back) the hotfix, they continue to work. It is only when the hotfix is applied to both CF2016 and CF2018 that things go badly. When I run the same call in a web browser, the result JSON is well formed.
Comment by Kevin B.
30527 | March 18, 2019 11:26:47 AM GMT