Pete Freitag's Homepage

ColdFusion returning empty response with server-error: true

I see this issue catch a lot of people, and it got me today. If you have a file /api/test.cfm on ColdFusion 10 or greater it might not work due to ColdFusion's REST implementation controlling the /api or /rest URIs....

Careful applying CF11u16, CF2016u8, CF2018u2

Adobe released new security updates and bug fixes for ColdFusion 11, 2016 and 2018 this week. Normally these things go pretty smoothly and any issue introduced by an update is typically minimal, but I can't say that has been the case for this update....

Sessions don't work in Chrome but do in IE

I observed an interesting thing today while helping a client. The problem was presented as:

We have a bunch of Chrome users having issues where a session variable is not working between page requests....

csrfVerifyToken does not invalidate the token

When you are using csrfGenerateToken and csrfVerifyToken with unique categories, the token that is generated remains valid until another token is generated with the forceNew argument set to true....

The cf_sql_ is optional in cfqueryparam

This is not exactly a new trick, but it is quite useful and I find not many people know that the cf_sql_ prefix is optional in the cfsqltype attribute of cfqueryparam. So instead of doing this:

WHERE id = <cfqueryparam value="#url....

Cookie Expires / Max-Age 1969-12-31T23:59:59.000Z

Have you ever noticed a cookie in Chrome Developer Tools showing an Expires / Max-Age value of 1969-12-31T23:59:59.000Z?

Such a cookie is known as a browser session cookie; it will persist for as long as the browser is open....

Burst Throttling on AWS API Gateway Explained

One nice feature of AWS API Gateway is that you can configure or Throttle the Burst (requests) and Rate (requests per second). The first time I looked at that it was not really clear to me how the Burst (requests) throttling works....

How to Resolve Java HTTPS Exceptions

TLDR: Most Java HTTPS connection problems can be fixed by updating the JVM. Don't import into cacerts unless you really need to (e.g. you have an internal CA within your organization). Test other HTTP clients to make sure it is really a Java problem....

Tomcat Java 10 on Windows CreateJavaVM Failed

I ran into some issues getting the Lucee Tomcat 8.5 service to start with Java 10.0.2 on a Windows 2016 Server....

SameSite Cookies with IIS

SameSite cookies are a great technique for mitigating Cross Site Request Forgery attacks. The only downside is that not all browsers support them yet (ahem... looking at you IE)....

Facebook API Now Requires Review for user_friends Permission

Looking at the Facebook Developer API documentation yesterday, I noticed a subtle change in the permissions that they give to developers without review on the graph API....

Docker Container exited with code 137

When attempting to fire up a bunch of docker containers using docker-compose on a Mac, one of the containers was randomly exiting with the exit code 137....