tracker issue : CF-4205714

select a category, or use search below
(searches all categories and all time range)

CFML image tags and functions that accept URLs should follow redirects, like cfhttp does

| View in Tracker

Status/Resolution/Reason: Open//

Reporter/Name(from Bugbase): Charlie A. / ()

Created: 10/29/2019

Components: CFIMAGE

Versions: 2018

Failure Type: Incorrect w/Workaround

Found In Build/Fixed In Build: update 5 (but not new to even cF2018) /

Priority/Frequency: Normal /

Locale/System: / Windows 10 64 bit

Vote Count: 3

If one uses any of the various CFML image processing tags or functions that accept URLs for the image to be processed, those tags (like cfimage) or functions (like imageread, imagresize, etc.) will fail with an error, if the URL results in a redirect from the server serving the image.

This could happen when the server changes from using http to https. In that case, while a browser would detect and follow that redirect and show the image, the CFML functions will NOT. Instead, they will fail with the error, "ColdFusion was unable to create an image from the specified source file". 

That's not at all an obvious error, and I have created a blog post on it to help others in this situation (but since I want to point to this ticket in that post, I will come back and offer the URL to the postin a comment).

I do realize that the feature to read images via a URL relies upon the underlying java httpclient library, and that does not follow redirects by default (per

But note that the cfhttp tag (which is ALSO built upon httpclient) DOES automatically follow redirects (up to 4 times, per the docs, unless it's told NOT to).  

Is there any reason that the CFML image processing tags and functions can't be changed to also follow redirects, unless told otherwise? 

And I have not filed this as a feature request, because really I'd think people would EXPECT that the image tags/functions would follow redirects, just like CFHTTP does. Or at least, they would expect that if it failed, the error message would be more clear than it is right now.



Here's the blog post I created, related to this:\
Comment by Charlie A.
31701 | October 29, 2019 06:19:24 PM GMT