Friday, October 06, 2017

ColdFusion 2016, IIS 8.5, Skip IIS Custom Errors and 401 responses

Well I thought I would just put this quick thought out as it had me pulling my hair for a bit.

I developed an API for a client that, when it fails authentication, returns a 401 and a JSON response in the body. In ColdFusion 11 I had no issues and then I just updated their staging server to ColdFusion 2016 and it started to return 401 without the response body (sometimes it would and sometimes it would not). This caused some issues with an app I am developing that uses this API and hence the hair pulling.

So, I decided to look at my connector and see if it was a setting I chose, and it was: apparently clicking on Skip IIS Custom Errors causes this issue.

I have written about this before and recommended it (http://www.giancarlogomez.com/2016/05/coldfusion-10-iis-7-custom-errors-and.html) but now it appears I might revert back to the default setting (at least for this client).

Now, after comparing the ColdFusion 11 install that I still have on production, it appears I have this setting set to false and on this upgrade I decided to set it to true (or click it in the wsconfig GUI). I don't know why I did this, maybe because I saw a checkbox for it and was like cool I will click it (squirrel).

So as a reminder to myself and hopefully to anyone else that might experience this issue, just set that setting to false and everything will go back to normal :-).



Tuesday, May 23, 2017

Invalid SSL on Chrome 58+ due to missing_subjectAltName

A friend of mine experienced this today and I referred him to a post that I used to fix the issue locally with my self-signed certificates when I first encountered it a month ago.

The author, Alexander Zeitler, goes thru the steps required to create your own CA (certificate authority), which is very handy when you want to just trust any certificate you create using it. Then he goes thru the steps for generating the SSL certificates using OpenSSL. In my own experience, I did not need the additional server config file he specifies, which I believe was an issue with my version of OpenSSL, but regardless it worked.

You can read thru the comments to find out more.

The link is:
https://alexanderzeitler.com/articles/Fixing-Chrome-missing_subjectAltName-selfsigned-cert-openssl/

He also wrote it on my birthday, so it was a nice gift. Thank you for sharing Alexander!

Wednesday, May 17, 2017

My Into The Box 2017 Experience

Well this is an overdue post that unfortunately work and personal things kept me from for a bit, but as promised I wanted to share my personal experience at Into the Box (ITB) this year. Also, why I feel it is one of the best, if not the best, ColdFusion conference I have ever attended.

I, like others, have asked, "Why?" Why should I go to this gathering, isn't it just for users of ColdBox? Not that I haven't used ColdBox, in fact I do and still support apps written in ColdBox. However, if I'm going to be honest, I am more of a Framework One kind of guy. So, before I go any further into my experience, let's put that thought to rest.

Now, the keynote speakers presented a lot of great information geared towards ColdBox and their arsenal of tools. But, did you know, you do not have to use ColdBox to use them? Remember, as stated in their site, "ColdBox is an MVC framework for ColdFusion", but the ColdBox Platform is so much more than that, which includes: WireBox, CacheBox, LogBox, TestBox, MockBox, ContentBox and CommandBox (which is my favorite). So, to answer the question, no you don't have to use the ColdBox MVC framework to attend, all you have to be is a ColdFusion developer that is interested in learning from and meeting peers in our community.

To start with my experience, from a personal standpoint, this has been the best. Over the years of me working from home (although a blessing) I found myself becoming more of an introvert rather than the extrovert I was when I played music back in the day. This is something that I eventually break thru and once we start talking you might even wonder when was I ever shy, but I am. The setting for this particular conference was very different from others. From the moment I arrived thru the doors of the hotel and immediately introduced myself to Jorge Reyes and Bill Garoutte, it just felt different and very welcoming. The venue was just perfect and was intimate, unlike the feeling I get from the conferences sponsored in Vegas. Please note, I hate Vegas and always have, from the days I attended Adobe MAX and Microsoft's Connections, to name a few, and right from my first visit to the Magic Convention, which is not even a developer conference but instead a retail industry convention. You may not share the same feeling for Vegas like I do, which is perfectly fine as we are all entitled to our own opinion. At ITB, I found the intimacy and detail to personal connections to be extremely refreshing. We were more like a group of friends than strangers meeting in some large hall.

In regards to content, I found the information presented was truly amazing in how it was laid out and described. Going back to our first concern of, "Don't I have to be a ColdBox user", well you can say the proof is in the pudding. I would like to highlight some of my favorite moments but would first like to say I am grateful to every presenter that took time out of their busy schedules to share the knowledge they have with the rest of us. From Kevin Jones' presentations on NGINX, John Farrar's on using Vue and introducing some modern development workflows, Mike Brunt's on Tuning and Troubleshooting ColdFusion, Luis Majano's on ORM, Brad Wood's on CommandBox and introducing CFConfig (thank you), Charlie Arehart's on opening our eyes to what those damn spiders are doing to our servers, and by far the one that blew my mind and inspired a CFC and a blog post to follow this was Gert Franz's "How to make CFML script fast".

I can’t forget to mention the Happy Box Event featuring the Mariachi Band. This was the cherry on top, the moment I truly felt like I was part of a special group of people, a strong ColdFusion community and almost Family. Jorge, you sir have pipes, Luis you escaped your performance too quick, Brad and Gavin, next year the spotlight will be on you guys.

So, to close out this post, Into The Box was amazing. You can expect to see me at future ones and spreading the word. I can’t wait until next year and experience it all over again. To everyone at Ortus and anyone else involved, thank you for putting such a great event together.

Tuesday, May 02, 2017

On ColdFusion 10 ... Don't wait to upgrade anymore.

Just in case you are still on ColdFusion 10 and are contemplating upgrading, it appears that if you do not do it before May 31st, 2017 you will have to pay full price.

Don't take my word for it ...

Read it on their blog here

Wednesday, September 07, 2016

How to set up Facebook Login Deauthorize Callback with ColdFusion

Today, I continued my fun development on CrossTrackr with the Facebook Graph API as I had a few things to fix or update (to say the least). While doing this, I noticed that there was a callback for when a user deauthorized your app. Which currently on CrossTrackr, if a user did this and then tried to post, it would catch it and then just reset the user's settings. Although that worked, I wanted a better solution and this offered it by simply allowing me to complete the process on my end as soon as they executed the deauthorization.

In the most simple explanation, Facebook simply sends a form post with a signed_request field value. You need to take this value and decode it properly so you can view the user_id, find it in your system and then do what is necessary (depending on your implementation).

I could not find specific info on what was being returned on the Facebook developers portal (maybe because I did not look hard enough before googling) but lucky for us, there are many people out there that share their knowledge when they themselves figure it out, which is all I am doing here myself. The code that I have below is basically a port of a few PHP snippets and some other smart developers that were able to create an equivalent to PHP's hash_hmac.

I hope this helps you out if trying to do this on ColdFusion.
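As an added illustration of the decode step described above (not the code from this post), here is one way to verify and decode a signed_request in CFML using the built-in hmac() function. It assumes the documented layout of a base64url signature and a base64url JSON payload joined by a dot; the function names, app secret and sample payload are constructed for the example.

```cfml
<cfscript>
// Added example, not the original post's code; all names and sample values are constructed.
// base64url -> binary: swap the URL-safe characters back and restore "=" padding.
binary function base64UrlDecode(required string input) {
    var s = replace(replace(arguments.input, "-", "+", "all"), "_", "/", "all");
    s &= repeatString("=", (4 - (len(s) mod 4)) mod 4);
    return binaryDecode(s, "base64");
}
// binary -> base64url; only needed here to build the constructed sample.
string function base64UrlEncode(required binary input) {
    var s = binaryEncode(arguments.input, "base64");
    return replace(replace(replace(s, "+", "-", "all"), "/", "_", "all"), "=", "", "all");
}
// Verify the HMAC first, then decode the payload. Returns { valid, reason, data }.
struct function parseSignedRequest(required string signedRequest, required string appSecret) {
    var result = { valid = false, reason = "", data = {} };
    if (listLen(arguments.signedRequest, ".") != 2) {
        result.reason = "malformed";
        return result;
    }
    var encodedPayload = listLast(arguments.signedRequest, ".");
    try {
        var sentSig = base64UrlDecode(listFirst(arguments.signedRequest, "."));
        // HMAC-SHA256 over the still-encoded payload, keyed with the app secret,
        // compared in constant time by the JVM instead of with a string compare.
        var expected = binaryDecode(hmac(encodedPayload, arguments.appSecret, "HMACSHA256", "utf-8"), "hex");
        if (!createObject("java", "java.security.MessageDigest").isEqual(expected, sentSig)) {
            result.reason = "bad signature";
            return result;
        }
        var payload = deserializeJSON(charsetEncode(base64UrlDecode(encodedPayload), "utf-8"));
    } catch (any e) {
        result.reason = "undecodable";
        return result;
    }
    if (!isStruct(payload) || !structKeyExists(payload, "algorithm") || uCase(payload.algorithm) != "HMAC-SHA256") {
        result.reason = "unexpected algorithm";
        return result;
    }
    result.valid = true;
    result.data = payload;
    return result;
}
// Constructed sample standing in for form.signed_request.
appSecret = "constructed-app-secret";
body = base64UrlEncode(charsetDecode('{"algorithm":"HMAC-SHA256","issued_at":1473206400,"user_id":"1234567890"}', "utf-8"));
sig = base64UrlEncode(binaryDecode(hmac(body, appSecret, "HMACSHA256", "utf-8"), "hex"));
writeDump(parseSignedRequest(sig & "." & body, appSecret));       // intact request
writeDump(parseSignedRequest(sig & "." & body & "x", appSecret)); // payload altered after signing
</cfscript>
```

In a deauthorize callback, only act on `data.user_id` when `valid` is true, since the endpoint is publicly reachable and the signature is the only proof the post came from Facebook.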

I'd like to thank the contributors of the following posts.

Facebook Deauthorize Function and Usage Example