tracker issue : CF-4160482

select a category, or use search below
(searches all categories and all time range)
Title:

CFHEADER does not work inside a webservice

| View in Tracker

Status/Resolution/Reason: Closed/Fixed/Fixed

Reporter/Name(from Bugbase): e-domizil License Team / e-domizil License Team (Alexander Hass)

Created: 06/02/2016

Components: REST Services

Versions: 2016

Failure Type: Non Functioning

Found In Build/Fixed In Build: CF2016_Final / 2016.0.04.302267

Priority/Frequency: Major / All users will encounter

Locale/System: ALL / Win 2012 Server x64

Vote Count: 0

Listed in the version 2016.0.04.302561 Issues Fixed doc 
Problem Description: We need to set a proper status code for a request to a webservice on application level. If a user is not authorized he need to get a HTTP status code "401 Unauthorized".

Steps to Reproduce: Example repro case attached.

Actual Result: No status code set.

Expected Result: HTTP status code need to be set.

Any Workarounds: Unknown

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4160482

External Customer Info:
External Company:  
External Customer Name: Firstname Lastname
External Customer Email:  
External Test Config: My Hardware and Environment details:

Attachments:

  1. June 02, 2016 00:00:00: 1_resttest.zip

Comments:

Repro case 1. Copy the example code to C:\ColdFusion2016\cfusion\wwwroot\resttest 2. Open a Google Chrome "Developer tools" > "Network" tab 3. Open http://localhost:8500/rest/resttest/ 4. You should get back an XML structure with the cfthrow message. Ok. 5. Now look into “Headers” > “General” and you will see that the “Status Code” is “200 OK”. The CFHEADER is completely ignored. That is the defect. <cfheader statusCode="401" statusText="Unauthorized"> <cfthrow errorcode="401" message="Unauthorized" type="Application">
Comment by External U.
2514 | June 02, 2016 07:42:42 AM GMT
Not to miss it - we are on IIS 7.5 (Win 2008R2) and Windows 2012 and the isapi_redirect.properties option "iis_skip_custom_errors_enable= true" has been set.
Comment by External U.
2515 | June 02, 2016 07:52:23 AM GMT
Sorry, incomplete repro case. Here is the complete one. 1. Copy the example code to C:\ColdFusion2016\cfusion\wwwroot\resttest 2. Setup a REST service on CF admin at Data Serices > REST Services 3. Root path "C:\ColdFusion2016\cfusion\wwwroot\resttest" and service mapping "RESTTEST" 4. Open a Google Chrome "Developer tools" > "Network" tab 5. Open http://localhost:8500/rest/resttest/ 6. You should get back an XML structure with the cfthrow message. Ok. 7. Now look into “Headers” > “General” and you will see that the “Status Code” is “200 OK”. The CFHEADER is completely ignored. That is the defect. <cfheader statusCode="401" statusText="Unauthorized"> <cfthrow errorcode="401" message="Unauthorized" type="Application"> And one note, IIS not not involved here - I missed that.
Comment by External U.
2516 | June 02, 2016 09:30:53 AM GMT
Additional to existing info http://www.adobe.com/devnet/coldfusion/articles/restful-web-services.html tells us that "You can use the cfthrow tag to specify the status code by providing a value to the errorcode attribute.". This means the CFHEADER should not required. But the cfthrow code is not send as HTTP status code to the client, too.
Comment by External U.
2517 | June 02, 2016 10:03:19 AM GMT
Verified the fix #300103, added test case at //depot/qa/cf/regression/coretests/restservices/bugCF-4160482/bugCF-4160482.cfm
Comment by HariKrishna K.
2518 | September 01, 2016 04:31:44 AM GMT