tracker issue : CF-3955573

select a category, or use search below
(searches all categories and all time range)
Title:

Server Update Area and ScriptSrc Mapping

| View in Tracker

Status/Resolution/Reason: Closed/Won't Fix/Workaround

Reporter/Name(from Bugbase): Andrew Myers / Andrew Myers (Andrew Myers)

Created: 03/18/2015

Components: Administrator

Versions: 11.0

Failure Type: Incorrect w/Workaround

Found In Build/Fixed In Build: CF11_Final /

Priority/Frequency: Trivial / Some users will encounter

Locale/System: English / Linux Red Hat All

Vote Count: 1

Problem Description:

If a Default ScriptSrc Directory is specified under "Settings" in the ColdFusion Administrator, the server update area no longer works unless it is accessed via a web sever (eg. Apache) with an alias set.  Going direct to the tomcat instance via http://<servername>:<port>/CFIDE/administrator results in JavaScript errors making the CF Update unusable if accessed directly.

Steps to Reproduce:

1. Browse to the CF Administrator.  Set a value in "Default ScriptSrc Directory", eg. /acfscripts/ (as recommended in the lockdown guide)
2. Access CF Administrator via tomcat, eg http://localhost:8080/CFIDE/administrator/
3. Attempt to download an update

Actual Result:

Update area display is not styled correctly.  Pressing "Download update" results in nothing happening

Expected Result:

Update should commence download

Any Workarounds:

Access CF Administrator via connected webserver, which contains an alias "/acfscripts" for /CFIDE/scripts

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	3955573

External Customer Info:
External Company:  
External Customer Name: Andrew
External Customer Email:  
External Test Config: My Hardware and Environment details:



CF11 deployed as a .war file on vanilla tomcat.

Attachments:

Comments:

Being able to use all functionality via directly accessing the CF Administrator on the tomcat instance allows access to /CFIDE to be denied via the public web server, giving some security benefits, IMHO.
Comment by External U.
8011 | March 18, 2015 02:09:32 PM GMT
I tried to repro this using IIS. Without creating an alias for the script folder in your case "/acfscripts" folder I am getting the below mentioned error message in the browser js console, when trying to download the update from ColdFusion admin. Are you getting the same error in the browser js console? If so then you may need to create an alias for the script folder, that is not the work around, that is how it is meant to be used. Error Message as below http://localhost:92/acfscripts/ajax/package/cfajax.js Failed to load resource: the server responded with a status of 404 (Not Found) topnav.cfm:14 Uncaught ReferenceError: ColdFusion is not defined topnav.cfm:18 Uncaught ReferenceError: ColdFusion is not defined topnav.cfm:723 Uncaught ReferenceError: updateservice is not defined http://localhost:92/acfscripts/ajax/messages/cfmessage.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/package/cfajax.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/yui/yahoo-dom-event/yahoo-dom-event.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/yui/animation/animation-min.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/ext/ext-all.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/resources/ext/css/ext-all.css Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/resources/cf/cf.css Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/package/cflayout.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/package/cfprogressbar.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/package/cfwindow.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/cfform.js Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/masks.js Failed to load resource: the server responded with a status of 404 (Not Found) index.cfm:22 Uncaught ReferenceError: ColdFusion is not defined index.cfm:35 Uncaught ReferenceError: ColdFusion is not defined index.cfm:48 Uncaught ReferenceError: ColdFusion is not defined index.cfm:69 Uncaught ReferenceError: ColdFusion is not defined index.cfm:73 Uncaught ReferenceError: ColdFusion is not defined index.cfm:77 Uncaught ReferenceError: ColdFusion is not defined index.cfm:81 Uncaught ReferenceError: ColdFusion is not defined index.cfm:115 Uncaught ReferenceError: ColdFusion is not defined index.cfm?targeted=false:127 Uncaught ReferenceError: ColdFusion is not defined index.cfm?targeted=false:139 Uncaught ReferenceError: ColdFusion is not defined index.cfm:143 Uncaught ReferenceError: Ext is not defined index.cfm:159 Uncaught ReferenceError: Ext is not defined index.cfm:171 Uncaught ReferenceError: Ext is not defined index.cfm:181 Uncaught ReferenceError: Ext is not defined index.cfm:191 Uncaught ReferenceError: Ext is not defined index.cfm:201 Uncaught ReferenceError: Ext is not defined index.cfm:211 Uncaught ReferenceError: Ext is not defined index.cfm:221 Uncaught ReferenceError: Ext is not defined index.cfm:231 Uncaught ReferenceError: Ext is not defined index.cfm:241 Uncaught ReferenceError: Ext is not defined index.cfm:953 Uncaught ReferenceError: downloadService is not defined http://localhost:92/acfscripts/ajax/resources/ext/css/ext-all.css Failed to load resource: the server responded with a status of 404 (Not Found) http://localhost:92/acfscripts/ajax/resources/cf/cf.css Failed to load resource: the server responded with a status of 404 (Not Found)
Comment by Dattanand M.
8012 | June 07, 2015 09:49:13 PM GMT
+1 /////////////////////////////
Vote by External U.
8018 | June 08, 2015 08:43:13 AM GMT
Dattanand - "... you may need to create an alias for the script folder, that is not the work around, that is how it is meant to be used." I'm sorry, but that seems to defeats the entire purpose of using the "ScriptSrc" setting - security. ColdFusion should automatically create a vdir or alias reference in the Tomcat built-in server when "ScriptSrc" is set.
Comment by External U.
8013 | June 08, 2015 08:54:23 AM GMT
Hi Dattanand, Yes mentioned in the original bug report, it does work with the alias. My issue is that for security reason, I want to access the CF administrator directly - straight to tomcat on port 8080 - and not through the web server.
Comment by External U.
8014 | June 08, 2015 07:07:44 PM GMT
Hi Andrew, We have done many changes in the CF12 for this. For CF11 we will document the work around.
Comment by Dattanand M.
8015 | June 14, 2015 09:28:21 PM GMT
This issue is been fixed for CF12 as we have isolated scripts folder from CFIDE. For CF11 workaround will be as below The workaround for CF11 will be One need to modify the server.xml file present in <cf_home>\runtime\conf\ <Context which is present in server.xml uncomment it It would look like <Context path="/" docBase="<cf_home>\wwwroot" WorkDir="<cf_home>\runtime\conf\Catalina\localhost\tmp" ></Context> give the path of cf home were ever <cf_home> is present add the attribute "Aliases" value specify name of the virtual directory you have created for the script inside the site and the full path where you have placed the script folder Aliases="/virtual directory name= Path where you have placed the script folder" E.g. Aliases="/Alias=C:\ColdFusion11\cfusion\wwwroot\scripts" Context tag in the server.xml after modification would look as below. <Context path="/" docBase="C:\ColdFusion11\cfusion\wwwroot" WorkDir="C:\ColdFusion11\cfusion\runtime\conf\Catalina\localhost\tmp" aliases="/Alias=C:\ColdFusion11\cfusion\wwwroot\scripts"></Context> Restart the server after this. You will be able to see the administrator as expected.
Comment by Dattanand M.
8016 | September 16, 2015 04:55:40 AM GMT
The issues was raised for CF11. You should be fixing it in CF11, which is the current most recent version of CF, and still supposedly "supported" by Adobe. You need to start fixing bugs in the versions they were raised against, and in a timely fashion. "workaround" would be good enough for an open source project, but not one for an enterprise product costing thousands of pounds.
Comment by External U.
8017 | September 16, 2015 08:38:55 AM GMT