Coldfusion-2018 HTTP Token: Access denied

Report · Oct 21, 2019

The cURL (cfhttp) command in Coldfusion-10 worked, but after migrating the same code to Coldfusion-2018 is not working.

I use the same Token value in CF-10 and CF-2018!!!

I have the below code working on CF10:

<cfset 
structContainer = {
    "container": {
        "number": "ABCD123456",
        "shipping_line": "ABCD",
        "sandbox_url": "http://api.myhost.com/"    }
}/>

<cfset structJson = serializeJSON(structContainer) />cfhttp
    url="https://customerurl/api/v1/"
    method="post"
    result="structResult"
    username="myaccount@myhost.com"
    password="12345">

    <cfhttpparam type="header" name="Content-Type" value="application/json">
    <cfhttpparam type="header" name="Authorization" value="Token token=x1x2x3x4x5x6">
    <cfhttpparam type="header" name="X-ApiVersion" value="1.0">
    <cfhttpparam type="header" name="Accept" value="*/*">
    <cfhttpparam type="body" encoded="false" value="#trim(structJson)#">
</cfhttp>


<html>
    <body>
<cfoutput>
    <cfdump
        var="#structResult#"
        label="HTTP Body"
        output="c:/result.txt"
    />
</cfoutput>

    </body>
</html>

But when I migrated to Coldfusion 2018 is returning the error below (structResult):

HTTP Body - struct

Charset: utf-8
Errordetail: [empty string]
Filecontent: HTTP Token: Access denied.
Header: HTTP/1.1 401 Unauthorized
Date: Mon, 21 Oct 2019 12:56:48 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
WWW-Authenticate: Token realm="Application"
Cache-Control: no-cache
X-Request-Id: 4539026e-8b8d-4f67-836b-153b8b9c58fc
X-Runtime: 0.006391
Strict-Transport-Security: max-age=31536000
Mimetype: text/html
Responseheader:
[struct]
Cache-Control: no-cache
Connection: keep-alive
Content-Type: text/html; charset=utf-8
Date: Mon, 21 Oct 2019 12:56:48 GMT
Explanation: Unauthorized
Http_Version: HTTP/1.1
Status_Code: 401
Strict-Transport-Security: max-age=31536000
Transfer-Encoding: chunked
WWW-Authenticate: Token realm="Application"
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: 4539026e-8b8d-4f67-836b-153b8b9c58fc
X-Runtime: 0.006391
X-XSS-Protection: 1; mode=block
Statuscode: 401 Unauthorized
Text: YES

Please, someone to give me a light?

Best Regards!

Report · Oct 21, 2019

I cannot say I know what's causing the problem. But I know one thing you can try: add the following flag to the java.args settings in your jvm.config file:

-Dcoldfusion.http.usepooling=false

That is a workaround suggested for a recent CFHTTP issue (https://tracker.adobe.com/#/view/CF-4205439).

Remember to restart the instance afterwards.

Report · Oct 22, 2019

I would guess it has to do with how CF is encoding the equals sign in the header value. Try adding encoded="false" to your cfhttpparam that contains the token.

Adobe Community

Coldfusion-2018 HTTP Token: Access denied