Skip to main content
D
defaultfa3gu8hjhqqx
Participant
October 15, 2021
Answered

HTTP Status 400 – Bad Request

  • October 15, 2021
  • 1 reply
  • 2758 views

I just installed a dev version of CF 2021 to prep for an upgrade from CF 10.

The exact same urls now respond with the above error from identical urls.  I presume the bad parameter is the "&{}" but this existed in CF 10 with no issue.  Tried adding URIEncoding="UTF-8"
relaxedQueryChars="{}" to the apache server.xml but had no success. It's not browser specific. This is the log entry:

Oct 15, 2021 12:09:56 PM org.apache.coyote.http11.Http11Processor service
INFO: Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target [/iFM-Portals/system/srre/editor/index.cfm?targetaction=GlobalEditor&t=ifm_users&keylist=BELLPA2&{}&_=1634310596756 ]. The valid characters are defined in RFC 7230 and RFC 3986

 

 

    This topic has been closed for replies.
    Correct answer defaultfa3gu8hjhqqx

    I found the source of the issue.  It was in a function that tested for a null parameter and set it to '{}'.

    All is good now.

    1 reply

    BKBK
    Community Expert
    BKBKCommunity Expert
    Community Expert
    October 16, 2021

    The error is definitely a client error, as the status-code suggests. With the attribute, relaxedQueryChars, you are on the right track. 🙂

     

    ColdFusion 10 and ColdFusion 2021 are a world apart. For example, CF10 runs on Tomcat 7.x whereas CF2021 runs on Tomcat 9.0.50. Newer Tomcat versions no longer tolerate certain characters in the URL. Which is why the characters {} are causing the HTTP 400 error.

     

    Suggestions (in order of preference):

    1.  Change your software design such that the URLs in your application no longer require illegal characters like { and }. Inform users accordingly.
      If you cannot miss the characters, then use their respective URL-encoded values instead. For example %7B in place of { and %7D in place of }.
    2.  Implement the following workaround. Open server.xml in a text editor, and add the relaxedQueryChars attribute to the HTTP/1.1 connector element. For example,
      <Connector protocol="HTTP/1.1" port="8500" redirectPort="8453" connectionTimeout="20000" relaxedQueryChars="{,}"/>​

     

    D
    defaultfa3gu8hjhqqxAuthor
    Participant
    October 18, 2021

    Thanks very much for the reply.

    Updating the relaxedQueryChars param has not worked unfortunately.

    Curiously the "&{}" part of the url is being added automatically and not a part of the url that gets sent in the Ajax call.

     

    For example:

    &prob_type=DATALINE  becomes

    &prob_type=DATALINE&{}&_=1634554657642 which I always asumed to be part of the CFTOKEN so I never had to deal with it before.  So is this something being added by some other source juch as jQuery or even native Ajax do you think?

    D
    defaultfa3gu8hjhqqxAuthorCorrect answer
    Participant
    October 18, 2021

    I found the source of the issue.  It was in a function that tested for a null parameter and set it to '{}'.

    All is good now.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices