Copy link to clipboard
Copied
I have a cloud share drive recently assigned to my project, and I was able to copy a number of PDF files into it. I can use Windows Explorer to navigate to that drive and bring up any PDF file with ease -- double click, view in Acrobat, no problem.
I can use CFDIRECTORY to list the contents of the directory, and I can use FileExists and CFFILE to test and grab a copy of the file, no sweat.
I put a text file in the directory, and I can pull that up with:
<cfheader name="Content-disposition" value="attachment;filename=filenamehere.txt">
<cfcontent reset="true" type="text/plain" file="file:///\\sharedDirectoryHere\filenamehere.txt">
I put a GIF in place and <image> displayed it easily.
I can use the following code pair to view PDF's on another project's share with no issue, PDF pops right up...
<cfheader name="Content-disposition" value="attachment;filename=filenamehere.pdf">
<cfcontent reset="true" type="application/pdf" file="file:///\\otherSharedDirectoryHere\filenamehere.pdf">
... but if I try to read and display a PDF on my shared directory, it tells me the file is missing or corrupt and will not display it.
Your thoughts, please?
Resolution?
There are two shares in question. It does appear that permissions are the culprit. A number of groups with permissions were removed and others were aligned properly by assigning the ColdFusion service to the permissions group responsible for the share, and the ability to serve up a PDF now works on one of the two shares.
The other share is not working, but that is likely due to the permissions being production, not development, and there appears to be no good way to properly and fully
...Copy link to clipboard
Copied
When you say the problem is that you can't "read and display a PDF on my shared directory", how does your code differ from the two working examples you show above?
Copy link to clipboard
Copied
Charlie,
I can read, but it won't display.
My code is identical save for the path and file name.
RLS
Copy link to clipboard
Copied
Ok, but you had said originally that you COULD use "CFFILE to test and grab a copy of the file", while cfcontent fails.
Are you saying that the path used in cffile (working) and cfcontent (not working) is identical, or if not, how do they differ?
Copy link to clipboard
Copied
They are identical.
On Tue, Apr 2, 2019, 8:25 AM Charlie Arehart <forums_noreply@adobe.com>
Copy link to clipboard
Copied
This just doesn't make sense, that cffile and cfcontent would alone react differently in their ability to process a given file/path.
So when you say, in conclusion, that " it tells me the file is missing or corrupt and will not display it", are you saying you get an error from CF? What is it, exactly?
Or might the error be coming from your browser, in which case it may not be about cf's inability to access the file after all. Indeed, what happens if you remove the cfheader line?
Copy link to clipboard
Copied
I agree. We had a two hour telcon last Friday night with engineers from all over the company, at least a dozen people on at the same time, screen share, things tried, no resolution. The best guess so far is that it's a rights issue, but that seems odd also.
To answer your questions, I am NOT getting an error from CF - it comes from Acrobat, I think, the one about the file being corrupt.
If the error was from my browser, why can I open a PDF on another's file share but not mine?
Haven't tried removing the CFHEADER line, will give that a shot when I get in.
RSL
Copy link to clipboard
Copied
Ok, this really changes things. It sounded from the outset like you were saying the error was in the cfcontent, and so was a CF error, in which case it begged the question how cffile would work and cfcontent would not--thus my previous questions.
Now that we know it's on your client end (whether browser, or acrobat, or an acrobat plugin in your browser), that changes where to focus.
So first, you seem unsure if it IS your browser or acrobat. Please do confirm. Do you at least request the url in a browser?
And if so, have you viewed the request with the dev tools feature of your browser? (This is available in all browsers. Typically you can right click on whitespace of your page and choose "inspect". Then choose the "network" tab among those shown in the tool.) This would allow you to see the communication to/from the server, in terms of status codes, headers, and content. I suspect the answer could be right there.
Or more simply, have you tried the request from multiple browsers types, or from different machines?
BTW, I do those shared desktop sessions myself as consultant, troubleshooting such errors (cf and related) every day. If your urgency warrants that over lots of back and forth here, you can learn more about my services (rates, approach, satisfaction guarantee, and more) at carehart.org/consulting.
Copy link to clipboard
Copied
Charlie,
As always, thank you. I very much appreciate your second set of eyes on this.
I highly doubt this client will allow third party drill-in, but if it comes down to the wire, who knows what goes?
I have tried this in IE, Edge, and Chrome. Other programmer in a distant city tried this with the same result (she can access her share, gets the same error I do when I try). On the call, other engineers tried to access my URL with the same result, so I don't think it's my browser, browser type, or machine. A couple of the BSE's have also tried from their desks/machines, to no avail.
Yes, I used Inspect / F12 / Developer tools. Multi-times-daily habit, actually. Nada on this issue, though. It's pointing at rights, but, still, that's just odd to me. Then again, I'm not Windows rights expert!
We are taking steps to get the rights changed. In this company, it requires quite a bit of mountain moving to get rights changed, so hopefully I'll have that straightened out in a week (I kid you not) to be able to check if that's the problem.
RLS
Copy link to clipboard
Copied
Ok, let's take cf entirely out of the equation, then. What happens if you simply put a PDF on the server, where the cf code is, and call that in the browser?
And what then does the browser Dev tool show. You say "nada", but please be more specific: do you see the request (for cfm or PDF) result in a status code 200, with expected headers, and file content?
Copy link to clipboard
Copied
Ok, let's take cf entirely out of the equation, then. What happens if you simply put a PDF on the server, where the cf code is, and call that in the browser?
And what then does the browser Dev tool show. You say "nada", but please be more specific: do you see the request (for cfm or PDF) result in a status code 200, with expected headers, and file content?
Unfortunately, it is against the rules to put a PDF in the code; that's why all this action is taking place now. When they migrated to 2016, they also stipulated that if you have anything more than images for the web site (basically) they had to be in a NAS share. No PDF's, DOC's, etc, are to be in the code base whatsoever.
When I say "nada", I mean absolutely nothing shows, partly because new windows open up and they don't have the dev tools showing. When I open them up (inspect or F12), it's blank.
I wish I could screen share or snapshot, but I risk immediate termination for doing anything like that in this facility.
Copy link to clipboard
Copied
Okay, I was able to find some output in the dev tools. For the script being called to display the file, there is
Content-Security-Policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
Copy link to clipboard
Copied
If instead of telling it I want to OPEN, I SAVE the file to my computer, Open Folder, and double-click to open from there, it still says it is corrupt.
Copy link to clipboard
Copied
This looks like an issue with the permissions. Are you using a service account to run the ColdFusion service?
Thanks,
Vikram
Copy link to clipboard
Copied
Yes. So permissions can allow me to read and view text, read and view images, and read but NOT view PDF's? Interesting.
Then next question is Why? Why let me read a PDF but not view it?
Copy link to clipboard
Copied
It's hard to see what's going on without more information, but you might want to make sure that both the IIS IUSR account and the CF account both have read permissions on your share. You might also want to make sure that you're returning the PDF using the proper MIME type with your CFHEADER tags, and for testing with static PDFs you might also want to make sure that IIS is returning the right MIME type.
Also, earlier in the thread, you'd mentioned you were getting back a Content-Security-Policy response header. That can prevent PDFs from being loaded, because PDFs can contain executable code. If that's a problem, you'll need to have that disabled.https://content-security-policy.com/
https://content-security-policy.com/
Dave Watts, Eidolon LLC
Copy link to clipboard
Copied
Thank, Dave.
If you look at the very first post, you see I am using the application/pdf MIME type in my CF call, and it works perfectly when used against another person's share, so it's only my share that's a problem. I'm pretty sure the company has the IIS right because I'm far from being the only app that's using it. I know I have read permissions because I can grab the file with CFFILE and CFCIRECTORY, no problem.
I think you're onto something with the content-security policy. It's either that or permissions. Just weird I can use this same code in this same program to view PDF's in another file share. That points to some oddball permission in my file share, that it was set up incorrectly.
Copy link to clipboard
Copied
CFFILE and CFDIRECTORY only apply to the CF service. It's possible that the IIS user account in question does not have access to your share. It could also be the content-security policy if that's only applied to your IIS virtual server, but if other IIS virtual servers have the same policy I think it's less likely.
Dave Watts, Eidolon LLC
Copy link to clipboard
Copied
If I have a content-security-policy on my site but I'm able to put code on my site that successfully reads from another's share, it can't be my security policy getting in the way, correct? My security policy is in my meta.
Copy link to clipboard
Copied
If PDFs from other shares are working with the policy, you're right, it's probably not the policy. It was worth a shot though.
Dave Watts, Eidolon LLC
Copy link to clipboard
Copied
The Acrobat Reader error message states:
"Adobe Acrobat Reader could not open 'filename' because it is either not a supported file type or because the file has been damaged (for example, it was sent as an email attachment and wasn't correctly decoded)."
Summary of attempts:
It's as if the share has not been set up to recognize (or ignore) PDF files. Is that possible? Like IIS MIME types settings, but for Network Access Shares?
Copy link to clipboard
Copied
These last few replies support what I was getting at in my last one, when I proposed that you try putting the PDF in a web accessible directory, and then try calling it from there.
Your reply was that you could not do that because it was against your organizational rules, but to be clear *I'm not saying to do it for production purposes. I'm saying to do it for diagnostic purposes*, to understand this problem.
If you put the PDF in a web accessible directory, even for just a minute, and you call it, what happens in THAT request? And do put it in the same place where the CF page is being called, so that it is governed by the same rules in IIS which would have governed the calling to a CF page trying to serve it up via content. And do be sure also request the PDF via the http:// protocol, not file://, for the same reason.
If the PDF still cannot be served to your browser, then it would clearly confirm that this problem has nothing to do with ColdFusion, and instead wouldn seem s a problem of IIS serving it. And then, as has been discussed here, you could contemplate various things like is it about permissions, is it about perhaps IIS settings influencing the serving of the PDF, and so on. Heck, it could be a firewall, waf, or antivirus problem.
And please, before you assert, "this can't be it, because it works if I point to her share instead of mine", could you just try it? There are many things you're saying and not saying that we have to read through from afar. I can think of various ways that you could be doing things, where there's more than is being said. This is why having an online session would be valuable, but I know it's not an option. So please, just try it. 🙂
You're clearly a smart person who is thinking through things very carefully, covering all your bases. But remember the old adage about a lawyer who represents himself in court. 🙂 For the sake of all the time you and we have been spending on this, can you please just try it?
Copy link to clipboard
Copied
Charlie,
I'm sorry for such a slow reply! Life got in the way for a few days.
I copied a PDF directly into the code base, same directory. Here are my attempts and the results, generified for this response to keep me out of trouble.
<cfheader name="Content-disposition" value="attachment;filename=filename.pdf">
<cfcontent reset="true" type="application/pdf" file=file:///\filename.pdf">
--Received the "damaged file" error message.
<cfheader name="Content-disposition" value="attachment;filename=filename.pdf">
<cfcontent reset="true" type="application/pdf" file="filename.pdf">
--Received the "damaged file" error message.
https://subdomain.domain/filename.pdf
--Displayed the PDF directly without issue (it worked).
<cfheader name="Content-disposition" value="attachment;filename=INS615.pdf">
<cfcontent reset="true" type="application/pdf" file=https://subdomain.domain/filename.pdf">
--Asked to download, then showed it without issue (it worked).
What does that say, then? IIS is working but the FILE serve has issues, maybe content policy is the problem?
RLS
Copy link to clipboard
Copied
Resolution?
There are two shares in question. It does appear that permissions are the culprit. A number of groups with permissions were removed and others were aligned properly by assigning the ColdFusion service to the permissions group responsible for the share, and the ability to serve up a PDF now works on one of the two shares.
The other share is not working, but that is likely due to the permissions being production, not development, and there appears to be no good way to properly and fully test it without migrating through to production and testing it, backing out the change if it does not.
It would be awesome if someone ever found or developed a tool that would diagnose this type of situation, independent of the language used to develop, kind of like the OBD plug-in for your car. Did Norton ever make utilities for that? 🙂
Now on to my next problem: getting the .net-friendly/ColdFusion-ignorant (in the true sense of the word) support to understand that the CF Application Server they installed on my machine for development is pretty much worthless without the Administrator password, and it's NOT the Administrator-for-windows password that I'm looking for.  Sigh.  The battle is real.
Thank you everyone for all your help on this!
Copy link to clipboard
Copied
If the CF service is running as a user account instead of a security context, it should be very easy to test its access to that share. Just log into the box running CF, open a command prompt as that CF service's user account, and see if you can access the contents of the share from that command prompt. If the CF service isn't running as a user account, but instead is running as a security context (the default behavior for CF and most other Windows services) you should probably change it to a user account but that will be difficult in your production environment without a lot of testing.
If you need your CF Administrator password from your own local machine, and you have sufficient rights on that machine, you can remove the line in c:\coldfusion2018\cfusion\lib\neo-security.xml that requires the password in the first place. You can then reset the password as you like. This has nothing to do with the CF service user account password, though.
Dave Watts, Eidolon LLC
 
					
				
				
			
		
 
					
				
				
			
		
Find more inspiration, events, and resources on the new Adobe Community
Explore Now