We attempted to upgrade from Coldfusion 11 to 2018 today and we are now getting our cross-origin requests blocked by Chrome. Reverting back to CF11 (changing no settings in IIS, just switching the connector) we have no problems. So, my question is this: What has changed in the Rest Services served by CF2018 so that cross-origin requests would start getting blocked when the same code served by CF11 works fine? And, what, if anything, might be done to get around this issue?
Js, some things to consider (not to do in order):
- consider of course that it could be a change in 2016 not 2018
- you could consider installing 2016 as well, if you want to know for sure (perhaps testing first with no cf2016 updates then with the 6th that is available)
- are you confirming there's no error in cfs logs? Or in any error handling you've got? Maybe an error is happening and THAT is triggering the c-o error unexpectedly
- are you watching in some client dev tool to see exactly what is coming back from the server (headers and content)?
- to take iis out of the equation, have you confirmed that a test against the rest service served via the CF built-in web server fails for 2018 as well? and not 11?
- did you create a new site for use with 2018? If so, consider adding a new site for 11 (yes, I realize it would be redundant to your existing site for 11), but maybe the issue is not in cf but in the new iis site for 2018
Thanks for your reply, Charlie. It was helpful to look at CF2016 as it does not have this same issue.
I upgraded from Coldfusion 2016 to 2018 only and I am experiencing the same problem. No changes in IIS other than what 2018 modified in the setup.
Copy link to clipboard
After talking with some Adobe support reps and doing some more troubleshooting, We arrived at the conclusion that CF2018 is not supported on Windows Server 2008 R2 (see this: https://helpx.adobe.com/pdf/coldfusion2018-support-matrix.pdf ) and something in that combination is at fault. I think it's something with the CORS support in IIS combined with CORS in CF2018 just not getting along and causing issues. (One issue I saw was returning two Access-Allow-Origin headers which Chrome does not allow) So, We will either be downgrading CF to 2016 which does not appear to have this issue or upgrading to Windows Server 2012 or newer which is at least supported if we do have more issues along these lines.