• Global community
    • Language:
      • Deutsch
      • English
      • Español
      • Français
      • Português
  • 日本語コミュニティ
    Dedicated community for Japanese speakers
  • 한국 커뮤니티
    Dedicated community for Korean speakers
Exit
0

HTTP Status 400 – Bad Request

Community Beginner ,
Oct 15, 2021 Oct 15, 2021

Copy link to clipboard

Copied

I just installed a dev version of CF 2021 to prep for an upgrade from CF 10.

The exact same urls now respond with the above error from identical urls.  I presume the bad parameter is the "&{}" but this existed in CF 10 with no issue.  Tried adding URIEncoding="UTF-8"
relaxedQueryChars="{}" to the apache server.xml but had no success. It's not browser specific. This is the log entry:

Oct 15, 2021 12:09:56 PM org.apache.coyote.http11.Http11Processor service
INFO: Error parsing HTTP request header
 Note: further occurrences of HTTP request parsing errors will be logged at DEBUG level.
java.lang.IllegalArgumentException: Invalid character found in the request target [/iFM-Portals/system/srre/editor/index.cfm?targetaction=GlobalEditor&t=ifm_users&keylist=BELLPA2&{}&_=1634310596756 ]. The valid characters are defined in RFC 7230 and RFC 3986

 

 

Views

664

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines

correct answers 1 Correct answer

Community Beginner , Oct 18, 2021 Oct 18, 2021

I found the source of the issue.  It was in a function that tested for a null parameter and set it to '{}'.

All is good now.

Votes

Translate

Translate
Community Expert ,
Oct 16, 2021 Oct 16, 2021

Copy link to clipboard

Copied

The error is definitely a client error, as the status-code suggests. With the attribute, relaxedQueryChars, you are on the right track. 🙂

 

ColdFusion 10 and ColdFusion 2021 are a world apart. For example, CF10 runs on Tomcat 7.x whereas CF2021 runs on Tomcat 9.0.50. Newer Tomcat versions no longer tolerate certain characters in the URL. Which is why the characters {} are causing the HTTP 400 error.

 

Suggestions (in order of preference):

  1.  Change your software design such that the URLs in your application no longer require illegal characters like { and }. Inform users accordingly.
    If you cannot miss the characters, then use their respective URL-encoded values instead. For example %7B in place of { and %7D in place of }.
  2.  Implement the following workaround. Open server.xml in a text editor, and add the relaxedQueryChars attribute to the HTTP/1.1 connector element. For example,
    <Connector protocol="HTTP/1.1" port="8500" redirectPort="8453" connectionTimeout="20000" relaxedQueryChars="{,}"/>​

 

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 18, 2021 Oct 18, 2021

Copy link to clipboard

Copied

Thanks very much for the reply.

Updating the relaxedQueryChars param has not worked unfortunately.

Curiously the "&{}" part of the url is being added automatically and not a part of the url that gets sent in the Ajax call.

 

For example:

&prob_type=DATALINE  becomes

&prob_type=DATALINE&{}&_=1634554657642 which I always asumed to be part of the CFTOKEN so I never had to deal with it before.  So is this something being added by some other source juch as jQuery or even native Ajax do you think?

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Oct 18, 2021 Oct 18, 2021

Copy link to clipboard

Copied

LATEST

I found the source of the issue.  It was in a function that tested for a null parameter and set it to '{}'.

All is good now.

Votes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Resources
Documentation