ColdFusion returning empty response with server-error: true

coldfusion I see this issue catch a lot of people, and it got me today. If you have a file /api/test.cfm on ColdFusion 10 or greater it might not work due to ColdFusion's REST implementation controlling the /api or /rest URIs.


This entry was:

Careful applying CF11u16, CF2016u8, CF2018u2

coldfusion Adobe released new security updates and bug fixes for ColdFusion 11, 2016 and 2018 this week. Normally these things go pretty smooth and any issue introduced by an update is typically minimal, but I can't say that has been the case for this update.


This entry was:

Sessions don't work in Chrome but do in IE

web I observed an interesting thing today while helping a client. The problem was presented as:

We have a bunch of Chrome users having issues where a session variable is not working between page requests. We set the variable on one page, it is not defined on the next page request.


This entry was:

csrfVerifyToken does not invalidate the token

coldfusion When you are using csrfGenerateToken and csrfVerifyToken with unique categories, the token that is generated remains valid until another token is generated with the forceNew argument set to true.


This entry was:

The cf_sql_ is optional in cfqueryparam

coldfusion This is not exactly a new trick, but it is quite useful and I find not many people know that the cf_sql_ prefix is optional in the cfsqltype attribute of cfqueryparam. So instead of doing this:

WHERE id = <cfqueryparam value="#url.


This entry was:

foundeo


did you hack my cf?