tracker issue : CF-3744211

select a category, or use search below
(searches all categories and all time range)
Title:

CFHTTP fails to redirect with POST, PUT, DELETE, or OPTIONS methods

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/

Reporter/Name(from Bugbase): Bryan Henderson / Bryan Henderson (Bryan Henderson)

Created: 04/16/2014

Components: Net Protocols, HTTP

Versions: 10.0

Failure Type: Incorrect w/Workaround

Found In Build/Fixed In Build: Final / CF10 Update16

Priority/Frequency: Major / All users will encounter

Locale/System: English / Win All

Vote Count: 0

Listed in the version 11.0.03.292480 Issues Fixed doc 
Problem Description: When a server responds with a 302 status code and a URL in the location header value, the CFHTTP tag will fail to follow the redirect when the redirect attribute is set to true and the method attribute is one of POST, PUT, DELETE, or OPTIONS.  The functionality in this case is the same as if the redirect attribute was set to false.

Steps to Reproduce: Post to any URL that will respond with a 302 status code and a URL in the location header with the redirect attribute set to 'yes'

Actual Result: The tag returns the response with 302 status code.

Expected Result: 200 status code response after all (up to supported limit) 302 location redirects have been followed.

Any Workarounds: manually process 302 response and use a second CFHTTP tag to access the new location with method GET.

This behavior is inconsistent with all earlier versions of CF, the Docs, and standard browsers.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3744211

External Customer Info:
External Company:  
External Customer Name: iHateScreenNames2384
External Customer Email:  
External Test Config: My Hardware and Environment details: 

configuration 1: CF 10,0,12,286680 running on DELL Precision M6700, Windows 7 SP1, IIS 7.5

configuration 2: CF 10,0,12,286680, Windows Server 2008 R2, IIS 7.5

Attachments:

Comments:

Code to reproduce: File 1:redirectLimit.cfm--------------------------- <cfset info = { headers = GetHttpRequestData(), page = CGI.Script_Name, cookies = Duplicate(cookie), form = Duplicate(form), url = duplicate(URL) } /> <cfset ArrayAppend(application.redirect.requests, info) /> <cfset application.redirect = { running = true, requests = [info] } /> <cftry> <cfhttp method="post" url="http://localhost/scripts/redirectLimit1.cfm?loop=1" redirect="true" throwonerror="false" result="result"> <cfhttpparam type="formfield" name="formVal" value="2" /> </cfhttp> <cfdump var="#result#"> <cfcatch>Error: <cfdump var="#cfcatch#" expand="false" /> </cfcatch> </cftry> <cfset application.redirect.running = false /> <cfdump var="#application.redirect#" /> File 2:redirectLimit1.cfm----------------------------- <cfset info = { headers = GetHttpRequestData(), page = CGI.Script_Name, cookies = Duplicate(cookie), form = Duplicate(form), url = duplicate(URL) } /> <cfset ArrayAppend(application.redirect.requests, info) /> <cflocation url="/scripts/redirectLimit1.cfm?loop=#URL.loop+1#" addtoken="false" />
Comment by External U.
12642 | April 16, 2014 10:57:04 AM GMT
Verified the issue coldfusion supports only redirects for get and head methods. According to W3 spec If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Sticking to the spec we can add a new attribute to the cfhttp which takes this confirmation.
Comment by S V.
12643 | May 08, 2014 12:29:24 AM GMT
Hi Adobe, Regarding "we can add a new attribute to the cfhttp", what new attribute did you add to cfhttp? Thanks!, -Aaron
Comment by External U.
12644 | November 01, 2014 04:23:39 AM GMT
Hi Aaron, CF9 used to follow redirects for these methods but cf10 and cf11 are not following such redirects. So made it consistent with cf9 and no attribute was added. For cf10, it will be fixed in the next update. Thanks, Pavan.
Comment by S V.
12645 | November 02, 2014 11:49:33 PM GMT
Hi Pavan, Thank you for that confirmation. I've verified (using action="post" to a URL that redirects) this is fixed in CF11 Update 3. Thanks!, -Aaron
Comment by External U.
12646 | November 06, 2014 05:44:23 AM GMT
The fix for this bug is available in the pre-release build of ColdFusion 10 Update 16
Comment by CFwatson U.
12647 | February 20, 2015 09:22:23 AM GMT