Ask Ben: Spoofing Referrer With ColdFusion 8 CFImage Tag
Posted August 28, 2007 at 8:28 AM by Ben Nadel
Remember this post? http://www.bennadel.com/index.cfm?dax=blog:903.view
How would you do the same using CF8's new <cfimage> tag when READing a image with a URL as its source that gives you 403 errors?
Here is a sample of the offending URL: http://www.tirerack.com/images/wheels/americanracingmuscle/arm_razor_s_s.jpg
The ColdFusion 8 CFImage tag is totally bad ass. I mean, just the fact that you can even supply a URL as a valid source is wicked awesome! The way the CFImage tag works is a bit of a mystery to me, as it should be. ColdFusion is excellent at black-boxing the hard stuff and just letting us developers worry about leveraging the vast feature set that it supplies. I guess what I am trying to say here is that I don't know how to spoof a referrer directly in the CFImage URL request. However, that doesn't mean we still can't do what you want - it just requires an extra step.
As we have seen before, the CFImage tag can take a number of data types as the Source value. Above, you are trying to supply a URL. The CFImage tag also accepts a binary data object as a valid source value. Knowing this, we can easily append the CFImage functionality to the Playboy picture download example that you are referencing above:
- <!--- Set up the target url. --->
- <cfset strURL = (
- "http://www.tirerack.com/images/wheels/americanracingmuscle/" &
- ) />
- Set up the base URL folder. This is the folder we
- will use for the referring location.
- <cfset strReferrerUrl = GetDirectoryFromPath( strURL ) />
- Grab the image at the given URL. When doing this, we
- need to grab the image as binary so that we can feed
- it directly into the CFImage tag.
- Spoof the referrer as a header value. This is
- how we will get around the 403 forbidden access
- error that is being returned by the server.
- ASSERT: If we have made it this far without timming out,
- then we got are data back from the server. We can not
- yet be possitive that it worked.
- <!--- Check to see if the CFHttp grab was successful. --->
- <cfif FindNoCase( "200", objGet.StatusCode )>
- We have successfully grabbed the image as a binary
- object. Now, let's read that binary object into a
- ColdFusion image object.
- Write the target image to the browser. We could have
- skipped the above step and just read the binary CFHttp
- data directly into this tag, but I wanted to demonstrate
- that you could read it into a ColdFusion image object.
- <!--- There was a problem with the CFHttp get. --->
- There was a problem grabbing the image.
- Error: <cfset WriteOutput( objGet.StatusCode ) />
Notice that as before, we are letting the CFHttp / CFHttpParam tags take care of grabbing the target image and spoofing the request information. The difference here is that, instead of writing the binary image data to a file, we are reading it directly into a ColdFusion 8 image object. Running the above code, we get the following image being written the browser:
| || || |
| || |
| || || |
It's a little bit more involved than just supplying a URL to the ColdFusion 8 CFImage tag, but it gets the job done. Hope that helps.
What Other People Are Searching For
Thanks so much Ben. I was leaning towards using your previous <cfhttp> code for a solution. I just was not sure if their was something I was missing with the <cfimage> tag when grabbing images that return 403 errors.
There might be a shorter way of doing this, but not that I know of (yet). If I come across anything, I will let you know.
In the above code example, the CFHTTP tag has the following attribute/value pair: useragent="#CGI.script_name#"
I think you meant this to be useragent="#CGI.http_user_agent#" rather than referer.
Ooops! Yeah, you are right. I've been getting very sloppy this week - yesterday, I posted a blog entry and totally forgot to post the code :( Not a good way to start off the week. Thanks for the catch.
Ben, Is it possible to take advantage of cfimage if you have CF7MX?
I wanted to use it for a "captcha" program.
Not that I know of. Sorry.
@Ben thank you so much for this code walk through, I spent considerable time searching on google before selecting the correct google keywords that landed me here. this worked perfectly
Glad to help out.