Ask Ben: Spoofing Referrer With ColdFusion 8 CFImage Tag

Posted August 28, 2007 at 8:28 AM

Tags: Ask Ben, ColdFusion

Remember this post? http://www.bennadel.com/index.cfm?dax=blog:903.view

How would you do the same using CF8's new <cfimage> tag when READing a image with a URL as its source that gives you 403 errors?

Here is a sample of the offending URL: http://www.tirerack.com/images/wheels/americanracingmuscle/arm_razor_s_s.jpg

The ColdFusion 8 CFImage tag is totally bad ass. I mean, just the fact that you can even supply a URL as a valid source is wicked awesome! The way the CFImage tag works is a bit of a mystery to me, as it should be. ColdFusion is excellent at black-boxing the hard stuff and just letting us developers worry about leveraging the vast feature set that it supplies. I guess what I am trying to say here is that I don't know how to spoof a referrer directly in the CFImage URL request. However, that doesn't mean we still can't do what you want - it just requires an extra step.

As we have seen before, the CFImage tag can take a number of data types as the Source value. Above, you are trying to supply a URL. The CFImage tag also accepts a binary data object as a valid source value. Knowing this, we can easily append the CFImage functionality to the Playboy picture download example that you are referencing above:

 Launch code in new window » Download code as text file »

  • <!--- Set up the target url. --->
  • <cfset strURL = (
  • "http://www.tirerack.com/images/wheels/americanracingmuscle/" &
  • "arm_razor_s_s.jpg"
  • ) />
  •  
  • <!---
  • Set up the base URL folder. This is the folder we
  • will use for the referring location.
  • --->
  • <cfset strReferrerUrl = GetDirectoryFromPath( strURL ) />
  •  
  •  
  • <!---
  • Grab the image at the given URL. When doing this, we
  • need to grab the image as binary so that we can feed
  • it directly into the CFImage tag.
  • --->
  • <cfhttp
  • url="#strURL#"
  • method="get"
  • useragent="#CGI.http_user_agent#"
  • getasbinary="yes"
  • result="objGet">
  •  
  • <!---
  • Spoof the referrer as a header value. This is
  • how we will get around the 403 forbidden access
  • error that is being returned by the server.
  • --->
  • <cfhttpparam
  • type="header"
  • name="referer"
  • value="#strReferrerUrl#"
  • />
  •  
  • </cfhttp>
  •  
  •  
  • <!---
  • ASSERT: If we have made it this far without timming out,
  • then we got are data back from the server. We can not
  • yet be possitive that it worked.
  • --->
  •  
  •  
  • <!--- Check to see if the CFHttp grab was successful. --->
  • <cfif FindNoCase( "200", objGet.StatusCode )>
  •  
  • <!---
  • We have successfully grabbed the image as a binary
  • object. Now, let's read that binary object into a
  • ColdFusion image object.
  • --->
  • <cfimage
  • action="read"
  • source="#objGet.FileContent#"
  • name="imgTarget"
  • />
  •  
  • <!---
  • Write the target image to the browser. We could have
  • skipped the above step and just read the binary CFHttp
  • data directly into this tag, but I wanted to demonstrate
  • that you could read it into a ColdFusion image object.
  • --->
  • <cfimage
  • action="writetobrowser"
  • source="#imgTarget#"
  • format="png"
  • />
  •  
  • <cfelse>
  •  
  • <!--- There was a problem with the CFHttp get. --->
  •  
  • <p>
  • There was a problem grabbing the image.
  • </p>
  •  
  • <p>
  • Error: <cfset WriteOutput( objGet.StatusCode ) />
  • </p>
  •  
  • </cfif>

Notice that as before, we are letting the CFHttp / CFHttpParam tags take care of grabbing the target image and spoofing the request information. The difference here is that, instead of writing the binary image data to a file, we are reading it directly into a ColdFusion 8 image object. Running the above code, we get the following image being written the browser:


  
  
  

 
Tire Rim Gotten Via ColdFusion 8 CFImage / CFHttp Combo  
 
  
  

It's a little bit more involved than just supplying a URL to the ColdFusion 8 CFImage tag, but it gets the job done. Hope that helps.

Download Code Snippet ZIP File

Comments (4)  |  Post Comment  |  Ask Ben  |  Permalink  |  Other Searches  |  Print Page



Adobe ColdFusion 8.0.1 Update - Helping Programmers To Be Signifanctly Less Girlie - Download ColdFusion 8 Update 8.0.1 Now.

Reader Comments

Thanks so much Ben. I was leaning towards using your previous <cfhttp> code for a solution. I just was not sure if their was something I was missing with the <cfimage> tag when grabbing images that return 403 errors.

Posted by Che on Aug 28, 2007 at 8:39 AM


@Che,

There might be a shorter way of doing this, but not that I know of (yet). If I come across anything, I will let you know.

Posted by Ben Nadel on Aug 28, 2007 at 8:44 AM


In the above code example, the CFHTTP tag has the following attribute/value pair: useragent="#CGI.script_name#"

I think you meant this to be useragent="#CGI.http_user_agent#" rather than referer.

Posted by Steven Erat on Aug 28, 2007 at 11:53 AM


Ooops! Yeah, you are right. I've been getting very sloppy this week - yesterday, I posted a blog entry and totally forgot to post the code :( Not a good way to start off the week. Thanks for the catch.

Posted by Ben Nadel on Aug 28, 2007 at 12:12 PM


Post Comment  |  Ask Ben


Home   |   Web Log   |   ColdFusion   |   Projects   |   Resume   |   Job Form   |   Search   |   Contact
Epicenter Consulting - Custom Software Solutions for Business Evolution HostMySite.com - The Leader In ColdFusion Hosting