Working cfhttp call to API returns "malformed or illegal request" after migration to CF2023

Question

We have a working CFHTTP call in our production code on a CF2021 server which works just dandy. It calls an outside party to get a token and follow up with more specific requests using get & put. As part of our enterprise migration process we have cloned the same code to our newly installed CF2023 instance on our twin sister dev server, where many of the same calls have now failed. We're pretty sure it's not any SSL or CERT issue, because the one initial call to get the token still works. The subsequent calls fail with: 400 Bad Request

Error: Bad Request

Your client has issued a malformed or illegal request.

This sure looks like the API's response, not a network issue. I had started down the typical debugging paths (any missing updates? char set?, wrong verb? placement of headers and body, etc...), but then I had to snap back to the one truth here:This code all worked fine on CF2021, it now fails on CF2023So, I need to find that "what's new" article which always comes out with a new CF release (explaining things they've changed and the new Admin settings to un-change them, for example), but my searches and clicks will always send me to Cf2025's notes... not 2023's. Slightly frustrating ;-] So can someone please humor me - and tell me what has changed between ColdFusion 2021 and 2023,0,12,330713 (enterprise on Windows Server 2016) which would cause our outgoing cfhttp calls to change from "valid requests" to "malformed" gibberish? Thanks in advance, CFML heroes...

AlHolden · Accepted Answer

I found it! One needs to append the version/year...https://helpx.adobe.com/coldfusion/using/whats-new-2023.html Still looking for a cause, though...

Dave Watts · Answer

I had to snap back to the one truth here

There is almost always more than one truth when debugging web applications. In this case, you have different servers using different IP addresses (that might be important) and keystores (probably not important as certificates are working in your case). I would recommend, for the sake of easier debugging, that you do try to get this down to one truth, or at least a smaller number of truths. For example, use the same server for both tests - install CF 2021, ensure that everything works, then upgrade it to CF 2023 and retest it. This is kind of a pain in the ass, but it'll give you a chance to identify the problem in more detail and not rely on "CFML heroes" to solve your problem. (I'm not sure I'm a hero, but you really don't want to see me in tights.) You can be the CFML hero!

In addition, you can use a recording proxy like Fiddler (https://www.telerik.com/fiddler) to see the traffic between the two servers. This will probably require some, uh, fiddling around with certificates on your server, but it's worth it for debugging HTTPS requests and responses.

You can also log what you're sending to the outside provider. This might be easier than messing around with Fiddler, but by itself it's less likely to show you the problem.

Finally, you can open a support ticket with the outside provider to get any information they have. They might have to enable logging for you. I don't know if that's an option, but try it and see.

My guess is that it's an encoding issue. I haven't done any research to support this, it's just a guess. Fiddler should let you identify this if you can.

Sign up

To post, reply, or follow discussions, please sign in with your Adobe ID.

Sign in to Adobe Community

To post, reply, or follow discussions, please sign in with your Adobe ID.

Scanning file for viruses.

This file cannot be downloaded