BlueImp file upload not working after migration to host server

Report · Apr 21, 2025

I am having trouble uploading files after migrating the site from local environment to the web. Following is the relevant section of code from a coldfusion function that uploads files using BlueImp:

<cffunction name="POST" access="private" returnformat="json">
        <cfargument name="options" type="struct" required="true">
        <cfargument name="listing_id" type="any" required="false" default="">
        <cfset var result = 0 >
        <cfset var vThumbnail = 0 >
        <cfset var fileInfo = "" >
        <cfset var fileName = "" >
        <cftry>
        <cfset fileInfo = GetFileInfo(form['files[]']) />
        <!---<cfdump var="#fileInfo#"><cfabort>--->
...

In my local environment, selecting a file produces the following, which is a dump of the form variables used by the function:

LOCAL DEV ENVIRONMENT

Then BlueImp does its thing via the POST function shown above and the <cfdump var="#fileInfo#"> in the above code returns something like the following:

LOCAL DEV ENVIRONMENT

But, after uploading the site to Hostek, the initial file selection produces a similar form variables dump to the local environment, i.e.

REMOTE (LIVE) ENVIRONMENT:

BUT, the <cfdump var="#fileInfo#"> just returns zero (0) in the network tab. There is no dump structure as with the local environment.

Any ideas what could be going on?

Report · Apr 21, 2025

A few thoughts :

1) In your first and third dumps, there are also differences in three of the form field values. You haven't acknowledged or explained those, so I think you may want to focus first on that, by viewing the underlying generated html for these in the form before submission. You may learn that something unexpected is happening there, which may be as important to understand.

2) You haven't said what version of cf you're using.. More important, you've not said how your local and that hosted server may differ in regard to that. Most important, it would help to known if the hosted server is a more recent update of even the same version as your local. Do a:

<cfdump var="#server.coldfusion#">

and run that on each machine and let us know especially the ProductVersion value.

(There may be a contributing factor if your local machine is before the cf updates in March 2024 but the server is after, for instance.)

3) Finally, rather than manipulate that temp file, look into cffile action="upload", which is not about doing your later upload to blueimp but merely about more easily getting that file which was posted to cf. See the docs as well as a a 2006 blog post I'd done that clarifies some common confusion with that tag.

Let us know how things go, especially with 1 and 2.

/Charlie (troubleshooter, carehart. org)

Report · Apr 21, 2025

HI Chariie,

1) Yes, I should have explained that. The last dump was taken from a different part of the site where the same thing was happening. I've updated it to match the precise situation as that of the dev environment.

2) The dev environment uses CF2011 and the production environment uses CF2023

Local environment coldfusion server dump:

Remote live coldfusion server dump

I will work on your point 3 and get back

Report · Apr 21, 2025

Ok on all that.

1) While we await your exploration of cffile action="upload" (which may or may not change anything), now that we know your form was fine, let's focus on the result page where you're doing the dump.

You're issue is that it returns 0. That's the getfileinfo result--but your code fragment I'm the opening post shows that dump being commented out. Are you just removing that comment? Or does anything else differ about the getfileinfo call?

(I'd also normally ask you to hard-code the filename passed in, as a sanity check, but in this case you can't, as that temp file--created by the post of a file from a browser to a cf page--lives only for the life of the request, as I discuss in my 2006 blog post.

1a) But here's one other sanity check you can do: do a cffile action="read" against the file (or "readbinary", if it's indeed a binary format file) that's being uploaded to cf (and then being somehow later uploaded by your code to blueimp, which doesn't matter for this problem).

2) Finally, FWIW, and since the "failing" one is on cf2023 (and its latest update 13) while the "working" one is cf11 (rather than "cf2011"--which never existed, but it's a common misnomer), I'll note that there could well be literally several dozen changes between those two versions (cf11 came out in 2014, so they're 9 years apart, and some changes for you came in cf2016, then cf2018, then cf2021, then finally cf2023).

I'm not saying these relate to this problem, but for the sake of completeness I'll note that I have a talk I did where I reviewed all those potential compatibility issues in moving to cf2023 from any of those--all the way back to cf10, in fact. It's "Migrating apps to ColdFusion 2023 from earlier versions",and the pdf and YouTube recording are here on my presentations page.

2a) That said, beyond those VERSION differences, there are again the important cf updates to cf2023 (and cf2021) which came out in March and June 2024. It's possible that your issue could relate to them (though for now I think not).

I blogged on those then, but you may want to check my follow-up posts on them in July:

Follow-up on March 2024 CF update: "patch" to log "implicit scope searches" that would fail

And:

Follow-up on June 2024 CF update: more on change of default algorithm from CFMX_COMPAT

If anything I might suspect the first issue. See that post for more, but it's a lot to take in. FWIW, it points to my original post which (amid all its details) offers 3 ways to solve the problem, if it's even your issue. (And two of them are ones you can do even if you're on a hosted server.)

3) I realize all the above is a lot to take in. You surely just want a solution. 🙂 The problem is that we're looking at the RESULT while trying to sort out the CAUSE, which is always challenging. My first suggestions here are focused more on getting some additional diagnostics.

Let's see what you find or anyone else might propose.

/Charlie (troubleshooter, carehart. org)

Report · Apr 21, 2025

I think you should pay attention to Charlie's second suggestion. It is especially relevant to your question.

Your printscreens show that you use ColdFusion 11 and ColdFusion 2023. Is the one, for example, a development environment and the other a production environment? What is the connection between BlueImp and the two ColdFusion servers? Please clarify.

Report · Apr 21, 2025

Yes, 2011 is the development environment and 2023 the production.

Sorry, what do you mean by "What is the connection between BlueImp and the two ColdFusion servers?" Do you mean the method by which they connect?

Report · Apr 21, 2025

Thanks for confirming the ColdFusion 11 / 2023 situation.

Sorry for the confusion about the word "connection". By that I meant something along the lines of "link", "relation" or "interaction". Especially between the form and the function.

For example, we know a form is submitted. Which process submits the form? What / Where is the action page of the form.

It is peculiar that the POST function, which is private, has knowledge of the form-variables. Yet these variables don't come in as an argument of the function. So how does the function know about them?

Report · Apr 21, 2025

I'll share that I had wondered about that also for a moment, but I let it go because the fact that the function is declared with access="private" doesn't mean it can't access variables outside the function--such as if the function were in a cfm page doing the form processing.

Of course, it would be odd to bother with the private access in a cfm. (It might even be rejected.) But maybe we'll hear that Paul's action page IS in fact a CFC. That would be ok. Again, the access attribute affects how the cf can be called from outside the request, not whether and how it's called from inside--and it does NOT limit what scopes it can see, that are passed to that request.

Bottom line: his dump shows it's there. That's proof in the pudding. 🙂

/Charlie (troubleshooter, carehart. org)

Report · Apr 21, 2025

You are right, Charlie. His dump shows it's there. And it works on the development server. So, I'll take that as given, and start from there.

Report · Apr 21, 2025

Just to clarify, there is an "init()" function within the same component as the "post()" function. This "init()" function is called via one of several complex-looking js files I'm still trying to get my head around. (Note: It may not be perfectly syntactically correct as I carved parts out of the code to simplify it for this post).

init():

<cffunction name="init" access="remote" returnformat="json">
   <cfscript>
      var options = 
         "uploadPath" 	: "files/uploads", //relative to this file
	 "uploadURL"	: "/js/jQuery-File-Upload-master/server/cf/files/uploads", //relative the site root 
	 "maxFileSize"	: 1 * 1024 * 1024,
	 "okExtensions"	: "jpg,jpeg,gif,png",
         "watermark":   {
	    "enabled" 	: true,
	    "watermarkPath" : "watermark/watermark.png",
	    "watermarkPossX": "right", //left,right or number
	    "watermarkPossY": "bottom",  //top,bottom or number
	    "transparency"	: 50  //top,bottom or number
	 },
	 "thumbnails": 
            {
	    "enabled" 	: false,
	    "width" 	: "100",
	    "height"	: "100",
	    "uploadPath": "files/uploads/thumbs", //relative to this file
	    "uploadURL"	: "/js/jQuery-File-Upload-master/server/cf/files/uploads/thumbs", //relative the site root 
	    "interpolation" : "highestQuality"
            //...other options
         )
      }
   );  
   if (GetHttpRequestData().method == "GET")
      {
      if (structKeyExists(url,"file") && url.file != "")
         return DELETE(options);
      } 
   else if (GetHttpRequestData().method EQ "POST")
   {
      return POST(options);
   }
</cfscript> 
</cffunction>

Call to init()

$(function () {
    'use strict';
    // Initialize the jQuery File Upload widget:
    $('#fileupload').fileupload({
        // Uncomment the following to send cross-domain cookies:
        //xhrFields: {withCredentials: true},
        url: '/js/jQuery-File-Upload-master/server/cf/Upload.cfc?method=init'
    });

    // Enable iframe cross-domain access via redirect option:
    $('#fileupload').fileupload(
        'option',
        'redirect',
        window.location.href.replace(
            /\/[^\/]*$/,
            '/js/jQuery-File-Upload-master/cors/result.html?%s'
        )
    ); ...

Note, the error I am receiving is produced in yet another js file which is part of the library, within the following code. The error is commented in upper case within the code.

done: function (e, data) {
   $('#btn-upload').hide();
   //data.context.find('.start').button('disable');
   if (e.isDefaultPrevented()) {
      return false; 
   }
   var that = $(this).data('blueimp-fileupload') || 
         $(this).data('fileupload'),
   getFilesFromResponse = data.getFilesFromResponse ||
         that.options.getFilesFromResponse,
   files = getFilesFromResponse(data),
   template,
   deferred;
   if (data.context) {
      data.context.each(function (index) {
         var file = files[index] ||
            {error: 'Empty file upload result'}; // THIS IS THE ACTUAL ERROR I GET
         var newid = parseInt($('.post-form .file:last').attr("id").split("-")[1]) + 1;
	 $('.post-form')
            .append('<input type="hidden" class="file" id="file-' + newid + '" name="file-' + newid + '" value="' + file.name + '" />')
            .append('<input type="hidden" class="filesize" id="filesize-' + newid + '" name="filesize-' + newid + '" value="' + file.size + '" />')
            .append('<input type="hidden" class="fileurl" id="fileurl-' + newid + '" name="fileurl-' + newid + '" value="' + file.url + '" />')
            .append('<input type="hidden" class="filedeleteurl" id="filedeleteurl-' + newid + '" name="filedeleteurl-' + newid + '" value="' + file.deleteUrl + '" />')
            .append('<input type="hidden" class="filethumbnailurl" id="filethumbnailurl-' + newid + '" name="filethumbnailurl-' + newid + '" value="' + file.thumbnailUrl + '" />');
         deferred = that._addFinishedDeferreds();
....

Report · Apr 22, 2025

I think we should ignore the Javascript for the moment. As Charlie said, and I agree, "Bottom line: his dump shows it's there. ".

What was the result of the last test I suggested?

Report · Apr 21, 2025

BUT, the <cfdump var="#fileInfo#"> just returns zero (0).

By paul_8809

Please attach a printscreen of the full dump (similar to the second printscreen above).

Report · Apr 21, 2025

There is no dump at all. Simply a zero (0) showing in the network tab.

Report · Apr 21, 2025

There is no dump at all. Simply a zero (0) showing in the network tab.

By paul_8809

Understood.

Report · Apr 21, 2025

@paul_8809 , There might be an underlying error which is hidden by the try/catch. So test by temporarily commenting out the try/catch.

Something like this:

	<!--- <cftry> --->
		<cfset var filepath = form['files[]']>
		<cfset fileInfo = GetFileInfo(filepath) />
    	<cfdump var="#fileInfo#"> <cfabort>
		<!--- <cfcatch type="any" >
			<!--- etc. --->
		</cfcatch> --->
	<!--- </cftry> --->

Report · Apr 22, 2025

I nearly missed this post and it's a good one.

I did as you suggested and the following error ensued:

Error - struct

Message

access denied ("java.io.FilePermission" "C:\ColdFusion2023\cfusion\runtime\work\Catalina\localhost\tmp\neotmp8321420783930255167.tmp" "read")

Permission

Error - object of java.io.FilePermission

Class Name

java.io.FilePermission

Methods

Method Return Type

equals(java.lang.Object)	boolean
getActions()	java.lang.String
hashCode()	int
implies(java.security.Permission)	boolean
newPermissionCollection()	java.security.PermissionCollection

Parent Class

Error - object java.security.Permission

Class Name

java.security.Permission

Methods

Method Return Type

checkGuard(java.lang.Object)	void
equals(java.lang.Object)	boolean
getActions()	java.lang.String
getName()	java.lang.String
hashCode()	int
implies(java.security.Permission)	boolean
newPermissionCollection()	java.security.PermissionCollection
toString()	java.lang.String

StackTracejava.security.AccessControlException: access denied ("java.io.FilePermission" "C:\ColdFusion2023\cfusion\runtime\work\Catalina\localhost\tmp\neotmp8321420783930255167.tmp" "read") at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:485) at java.base/java.security.AccessController.checkPermission(AccessController.java:1068) at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:416) at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:756) at java.base/java.io.File.canRead(File.java:776) at coldfusion.tagext.io.FileUtils.getFileMetadata(FileUtils.java:1873) at coldfusion.runtime.CFPage.GetFileInfo(CFPage.java:6988) at cfUpload2ecfc733384199$funcPOST.runFunction(D:\home\aceoftrades.co.nz\wwwroot\js\jQuery-File-Upload-master\server\cf\Upload.cfc:68) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:668) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:561) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:95) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:477) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:451) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:323) at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:4894) at coldfusion.runtime.CfJspPage._invokeUDF(CfJspPage.java:4874) at cfUpload2ecfc733384199$funcINIT.runFunction(D:\home\aceoftrades.co.nz\wwwroot\js\jQuery-File-Upload-master\server\cf\Upload.cfc:51) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:668) at coldfusion.runtime.UDFMethod$ArgumentCollectionFilter.invoke(UDFMethod.java:561) at coldfusion.filter.FunctionAccessFilter.invoke(FunctionAccessFilter.java:95) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:477) at coldfusion.runtime.UDFMethod.runFilterChain(UDFMethod.java:451) at coldfusion.runtime.UDFMethod.invoke(UDFMethod.java:726) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:980) at coldfusion.runtime.TemplateProxy.invoke(TemplateProxy.java:762) at coldfusion.filter.ComponentFilter.invoke(ComponentFilter.java:261) at coldfusion.filter.ApplicationFilter.invoke(ApplicationFilter.java:606) at coldfusion.filter.RequestMonitorFilter.invoke(RequestMonitorFilter.java:43) at coldfusion.filter.MonitoringFilter.invoke(MonitoringFilter.java:40) at coldfusion.filter.PathFilter.invoke(PathFilter.java:162) at coldfusion.filter.ExceptionFilter.invoke(ExceptionFilter.java:97) at coldfusion.filter.ClientScopePersistenceFilter.invoke(ClientScopePersistenceFilter.java:28) at coldfusion.filter.BrowserFilter.invoke(BrowserFilter.java:38) at coldfusion.filter.NoCacheFilter.invoke(NoCacheFilter.java:60) at coldfusion.filter.GlobalsFilter.invoke(GlobalsFilter.java:38) at coldfusion.filter.DatasourceFilter.invoke(DatasourceFilter.java:22) at coldfusion.xml.rpc.CFCServlet.invoke(CFCServlet.java:167) at coldfusion.xml.rpc.CFCServlet.doPost(CFCServlet.java:384) at javax.servlet.http.HttpServlet.service(HttpServlet.java:555) at javax.servlet.http.HttpServlet.service(HttpServlet.java:623) at coldfusion.bootstrap.BootstrapServlet.service(BootstrapServlet.java:311) at jdk.internal.reflect.GeneratedMethodAccessor67.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222) at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:584) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:142) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:197) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128) at java.base/java.security.AccessController.doPrivileged(AccessController.java:569) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127) at coldfusion.monitor.event.MonitoringServletFilter.doFilter(MonitoringServletFilter.java:46) at coldfusion.bootstrap.BootstrapFilter.doFilter(BootstrapFilter.java:47) at jdk.internal.reflect.GeneratedMethodAccessor79.invoke(Unknown Source) at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.base/java.lang.reflect.Method.invoke(Method.java:568) at org.apache.catalina.security.SecurityUtil.lambda$execute$0(SecurityUtil.java:222) at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) at java.base/javax.security.auth.Subject.doAsPrivileged(Subject.java:584) at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:250) at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:202) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:166) at org.apache.catalina.core.ApplicationFilterChain.lambda$doFilter$0(ApplicationFilterChain.java:128) at java.base/java.security.AccessController.doPrivileged(AccessController.java:569) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:127) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:168) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:90) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:482) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:130) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:93) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:357) at org.apache.coyote.ajp.AjpProcessor.service(AjpProcessor.java:448) at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:63) at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:936) at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1791) at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:52) at org.apache.tomcat.util.threads.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1190) at org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:659) at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:63) at java.base/java.lang.Thread.run(Thread.java:842)Suppressed

Error - array[empty]

TagContext

Error - array

1

Error - struct

COLUMN	0
ID	CF_CFPAGE
LINE	68
RAW_TRACE	at cfUpload2ecfc733384199$funcPOST.runFunction(D:\home\aceoftrades.co.nz\wwwroot\js\jQuery-File-Upload-master\server\cf\Upload.cfc:68)
TEMPLATE	D:\home\aceoftrades.co.nz\wwwroot\js\jQuery-File-Upload-master\server\cf\Upload.cfc
TYPE	CFML

2

Error - struct

COLUMN	0
ID	CF_UDFMETHOD
LINE	51
RAW_TRACE	at cfUpload2ecfc733384199$funcINIT.runFunction(D:\home\aceoftrades.co.nz\wwwroot\js\jQuery-File-Upload-master\server\cf\Upload.cfc:51)
TEMPLATE	D:\home\aceoftrades.co.nz\wwwroot\js\jQuery-File-Upload-master\server\cf\Upload.cfc
TYPE	CFML

TypeSecurity

Form - struct

CHASE_ID	5
FIELDNAMES	JOB_REVIEW_ID,QUOTE_ID,LISTING_ID,CHASE_ID,USER_ID,MODE,FILES[]
FILES[]	C:\ColdFusion2023\cfusion\runtime\work\Catalina\localhost\tmp\neotmp8321420783930255167.tmp
JOB_REVIEW_ID	[empty string]
LISTING_ID	[empty string]
MODE	create
QUOTE_ID	[empty string]
USER_ID	120

URL - struct

method

init

So, is this a permissions thing with the hosting server?

Report · Apr 22, 2025

Yes, it is indeed a permissions thing. That is the cause of the issue right there. Apparently, the Tomcat application server is preventing Javascript from gaining direct access to one of its files. Which is a very good thing! 🙂

Why the error occurs on ColdFusion 2023 but not on ColdFusion 11? ColdFusion's security gets progressively tighter as you upgrade. So ColdFusion 2023 has more bouncers at the door than ColdFusion 11.

The challenge now is to find a solution to this "access" problem.

Report · Apr 22, 2025

Huge thanks. At least we've nailed down the precise issue.

Report · Apr 22, 2025

Please post the full stacktrace as text.

(it is currently posted as image)

Report · Apr 22, 2025

May I ask why? And how do you do that without creating a mess?

Report · Apr 22, 2025

Reason: I still had questions about the permissions issue, and so wanted to see the full stacktrace. In fact, on studying the stacktrace I now have to correct myself.

Names such as "\js\jQuery-File-Upload-master" had led me to think that Javascript had attempted to gain direct access to files in Tomcat. But that was not the full picture, literally.

The stacktrace shows that there is no attempt by Javascript to gain access to any files. The "access-denied" actually applies to ColdFusion's own Upload CFC! The CFC is apparently not allowed to read the uploaded file.

That makes it a head-scratcher. But we should be able to solve it.

Report · Apr 22, 2025

Do you use Sandbox security (ColdFusion Administrator: Security > Sandbox Security)? I ask because I am thinking of two possible solutions:

via Sandbox security (preferable);
via the Java Policy configuration file.

Case 1:
Is your application running in a sandbox? If so , then in the list of permitted paths, add READ access to the path:

  C:/ColdFusion2023/cfusion/runtime/work/Catalina/localhost/tmp/-

Save the changes and restart ColdFusion.

Case 2:
Locate the file {HOME_DIR_OF_JAVA_USED_BY_CF}/conf/security/java.policy.
(WARNING: Before you proceed any further keep a backup copy of the file, just in case.)

Open the file in an editor. Within the grant block, add the following permission at the bottom:

permission java.io.FilePermission "C:/ColdFusion2023/cfusion/runtime/work/Catalina/localhost/tmp/-", "read";

Save the changes and restart ColdFusion.

Report · Apr 23, 2025

Hi @paul_8809 .

After thinking about this a bit more, I now have second thoughts. Even if either of my two proposed solutions worked, I would no longer recommend them.

"Access Denied" is a serious security message. The fact that access is denied to ColdFusion's own code can mean one of two things. Either this results from a bug, or else the ColdFusion code may not have access to that file in Tomcat.

It is unlikely that this is a bug. I have looked around and cannot find use-cases where ColdFusion code reads a file from within Tomcat. This means there is a good security reason for the "Access Denied".

That being the case, I would strongly dissuade you from using either of the two solutions. In fact, I hereby withdraw them. Sorry.

Nevertheless, I have a third suggestion. Though you're uploading using Javascript, what if the CFC imitates what ColdFusion itself does during an upload? Something like this:

<cffunction name="POST" >
	<!--- Other stuff --->
	
	<!--- Define full path to a directory for uploads. Define any dir path, as long as ColdFusion has access to it --->	
	<cfset var CFDirForUploadedFiles = expandpath('.')>
	
	<cftry>	
		<!--- ColdFusion uploads file to a directory of your choice--->
		<!--- Requirement for the upload: the uploading form must have multipart/form-data attribute. That is, <form enctype="multipart/form-data"> --->
		<cffile action = "upload" 
		fileField = "files[]" 
		destination="#CFDirForUploadedFiles#"
		nameConflict = "overwrite">
		 
		<!--- If upload succeeds, ColdFusion will automatically create the 'cffile' structure --->
		<cfset var filepath = CFDirForUploadedFiles & "/" & cffile.clientfile>
		<cfset var fileInfo = GetFileInfo(filepath)>
		
		<cfdump var="#fileInfo#">
	<cfcatch type="any">		
	<cfdump var="#cfcatch#">
	</cfcatch>
	
	</cftry>
	
	<!--- Other stuff --->		
</cffunction>

Report · Apr 23, 2025

FWIW, that suggestion to use cffile action="upload" was in fact one that I'd made in my first response here (indeed the first), in its point 3.

Paul had responded that he'd explore it but we never heard back. Looking forward to hearing whether it helps or not in this challenge. It should, but there may be details about his process that we're still missing.

/Charlie (troubleshooter, carehart. org)

Report · Apr 23, 2025

Thanks, Charlie. I have looked back following your last post. Only now do I notice your suggestion to use cffile action="upload". My apologies. If I had noticed it earlier I would of course have referred to it.

BlueImp file upload not working after migration to host server

1 Correct answer

Photos