Highlighted

CF2018 And IIS7.5 Cross-origin REST Services requests

Community Beginner ,
Sep 09, 2018

Copy link to clipboard

Copied

We attempted to upgrade from Coldfusion 11 to 2018 today and we are now getting  our cross-origin requests blocked by Chrome. Reverting back to CF11 (changing no settings in IIS, just switching the connector) we have no problems. So, my question is this: What has changed in the Rest Services served by CF2018 so that cross-origin requests would start getting blocked when the same code served by CF11 works fine? And, what, if anything, might be done to get around this issue?

Correct answer by js_nelson | Community Beginner

After talking with some Adobe support reps and doing some more troubleshooting, We arrived at the conclusion that CF2018 is not supported on Windows Server 2008 R2 (see this: https://helpx.adobe.com/pdf/coldfusion2018-support-matrix.pdf ) and something in that combination is at fault. I think it's something with the CORS support in IIS combined with CORS in CF2018 just not getting along and causing issues. (One issue I saw was returning two Access-Allow-Origin headers which Chrome does not allow) So, We will either be downgrading CF to 2016 which does not appear to have this issue or upgrading to Windows Server 2012 or newer which is at least supported if we do have more issues along these lines.

Views

489

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more

CF2018 And IIS7.5 Cross-origin REST Services requests

Community Beginner ,
Sep 09, 2018

Copy link to clipboard

Copied

We attempted to upgrade from Coldfusion 11 to 2018 today and we are now getting  our cross-origin requests blocked by Chrome. Reverting back to CF11 (changing no settings in IIS, just switching the connector) we have no problems. So, my question is this: What has changed in the Rest Services served by CF2018 so that cross-origin requests would start getting blocked when the same code served by CF11 works fine? And, what, if anything, might be done to get around this issue?

Correct answer by js_nelson | Community Beginner

After talking with some Adobe support reps and doing some more troubleshooting, We arrived at the conclusion that CF2018 is not supported on Windows Server 2008 R2 (see this: https://helpx.adobe.com/pdf/coldfusion2018-support-matrix.pdf ) and something in that combination is at fault. I think it's something with the CORS support in IIS combined with CORS in CF2018 just not getting along and causing issues. (One issue I saw was returning two Access-Allow-Origin headers which Chrome does not allow) So, We will either be downgrading CF to 2016 which does not appear to have this issue or upgrading to Windows Server 2012 or newer which is at least supported if we do have more issues along these lines.

Views

490

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Sep 09, 2018 0
Adobe Community Professional ,
Sep 09, 2018

Copy link to clipboard

Copied

Js, some things to consider (not to do in order):

- consider of course that it could be a change in 2016 not 2018

- you could consider installing 2016 as well, if you want to know for sure (perhaps testing first with no cf2016 updates then with the 6th that is available)

- are you confirming there's no error in cfs logs? Or in any error handling you've got? Maybe an error is happening and THAT is triggering the c-o error unexpectedly

- are you watching in some client dev tool to see exactly what is coming back from the server (headers and content)?

- to take iis out of the equation, have you confirmed that a test against the rest service served via the CF built-in web server fails for 2018 as well? and not 11?

- did you create a new site for use with 2018? If so, consider adding a new site for 11 (yes, I realize it would be redundant to your existing site for 11), but maybe the issue is not in cf but in the new iis site for 2018

/Charlie (server troubleshooter, carehart.org)

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 09, 2018 1
Community Beginner ,
Oct 11, 2018

Copy link to clipboard

Copied

Thanks for your reply, Charlie. It was helpful to look at CF2016 as it does not have this same issue.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 11, 2018 0
New Here ,
Sep 11, 2018

Copy link to clipboard

Copied

I upgraded from Coldfusion 2016 to 2018 only and I am experiencing the same problem.  No changes in IIS other than what 2018 modified in the setup.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Sep 11, 2018 0
Community Beginner ,
Oct 11, 2018

Copy link to clipboard

Copied

After talking with some Adobe support reps and doing some more troubleshooting, We arrived at the conclusion that CF2018 is not supported on Windows Server 2008 R2 (see this: https://helpx.adobe.com/pdf/coldfusion2018-support-matrix.pdf ) and something in that combination is at fault. I think it's something with the CORS support in IIS combined with CORS in CF2018 just not getting along and causing issues. (One issue I saw was returning two Access-Allow-Origin headers which Chrome does not allow) So, We will either be downgrading CF to 2016 which does not appear to have this issue or upgrading to Windows Server 2012 or newer which is at least supported if we do have more issues along these lines.

Likes

Translate

Translate

Report

Report
Community Guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
Reply
Loading...
Oct 11, 2018 0