Ben Nadel
On User Experience (UX) Design, JavaScript, ColdFusion, Node.js, Life, and Love.
I am the chief technical officer at InVision App, Inc - a prototyping and collaboration platform for designers, built by designers. I also rock out in JavaScript and ColdFusion 24x7.
Meanwhile on Twitter
Loading latest tweet...
Ben Nadel at NCDevCon 2011 (Raleigh, NC) with:

Ask Ben: Spoofing Referrer With ColdFusion 8 CFImage Tag

Posted by Ben Nadel

Remember this post? http://www.bennadel.com/index.cfm?dax=blog:903.view

How would you do the same using CF8's new <cfimage> tag when READing a image with a URL as its source that gives you 403 errors?

Here is a sample of the offending URL: http://www.tirerack.com/images/wheels/americanracingmuscle/arm_razor_s_s.jpg

The ColdFusion 8 CFImage tag is totally bad ass. I mean, just the fact that you can even supply a URL as a valid source is wicked awesome! The way the CFImage tag works is a bit of a mystery to me, as it should be. ColdFusion is excellent at black-boxing the hard stuff and just letting us developers worry about leveraging the vast feature set that it supplies. I guess what I am trying to say here is that I don't know how to spoof a referrer directly in the CFImage URL request. However, that doesn't mean we still can't do what you want - it just requires an extra step.

As we have seen before, the CFImage tag can take a number of data types as the Source value. Above, you are trying to supply a URL. The CFImage tag also accepts a binary data object as a valid source value. Knowing this, we can easily append the CFImage functionality to the Playboy picture download example that you are referencing above:

  • <!--- Set up the target url. --->
  • <cfset strURL = (
  • "http://www.tirerack.com/images/wheels/americanracingmuscle/" &
  • "arm_razor_s_s.jpg"
  • ) />
  •  
  • <!---
  • Set up the base URL folder. This is the folder we
  • will use for the referring location.
  • --->
  • <cfset strReferrerUrl = GetDirectoryFromPath( strURL ) />
  •  
  •  
  • <!---
  • Grab the image at the given URL. When doing this, we
  • need to grab the image as binary so that we can feed
  • it directly into the CFImage tag.
  • --->
  • <cfhttp
  • url="#strURL#"
  • method="get"
  • useragent="#CGI.http_user_agent#"
  • getasbinary="yes"
  • result="objGet">
  •  
  • <!---
  • Spoof the referrer as a header value. This is
  • how we will get around the 403 forbidden access
  • error that is being returned by the server.
  • --->
  • <cfhttpparam
  • type="header"
  • name="referer"
  • value="#strReferrerUrl#"
  • />
  •  
  • </cfhttp>
  •  
  •  
  • <!---
  • ASSERT: If we have made it this far without timming out,
  • then we got are data back from the server. We can not
  • yet be possitive that it worked.
  • --->
  •  
  •  
  • <!--- Check to see if the CFHttp grab was successful. --->
  • <cfif FindNoCase( "200", objGet.StatusCode )>
  •  
  • <!---
  • We have successfully grabbed the image as a binary
  • object. Now, let's read that binary object into a
  • ColdFusion image object.
  • --->
  • <cfimage
  • action="read"
  • source="#objGet.FileContent#"
  • name="imgTarget"
  • />
  •  
  • <!---
  • Write the target image to the browser. We could have
  • skipped the above step and just read the binary CFHttp
  • data directly into this tag, but I wanted to demonstrate
  • that you could read it into a ColdFusion image object.
  • --->
  • <cfimage
  • action="writetobrowser"
  • source="#imgTarget#"
  • format="png"
  • />
  •  
  • <cfelse>
  •  
  • <!--- There was a problem with the CFHttp get. --->
  •  
  • <p>
  • There was a problem grabbing the image.
  • </p>
  •  
  • <p>
  • Error: <cfset WriteOutput( objGet.StatusCode ) />
  • </p>
  •  
  • </cfif>

Notice that as before, we are letting the CFHttp / CFHttpParam tags take care of grabbing the target image and spoofing the request information. The difference here is that, instead of writing the binary image data to a file, we are reading it directly into a ColdFusion 8 image object. Running the above code, we get the following image being written the browser:


 
 
 

 
Tire Rim Gotten Via ColdFusion 8 CFImage / CFHttp Combo  
 
 
 

It's a little bit more involved than just supplying a URL to the ColdFusion 8 CFImage tag, but it gets the job done. Hope that helps.



Reader Comments

Thanks so much Ben. I was leaning towards using your previous <cfhttp> code for a solution. I just was not sure if their was something I was missing with the <cfimage> tag when grabbing images that return 403 errors.

Reply to this Comment

@Che,

There might be a shorter way of doing this, but not that I know of (yet). If I come across anything, I will let you know.

Reply to this Comment

In the above code example, the CFHTTP tag has the following attribute/value pair: useragent="#CGI.script_name#"

I think you meant this to be useragent="#CGI.http_user_agent#" rather than referer.

Reply to this Comment

Ooops! Yeah, you are right. I've been getting very sloppy this week - yesterday, I posted a blog entry and totally forgot to post the code :( Not a good way to start off the week. Thanks for the catch.

Reply to this Comment

Ben, Is it possible to take advantage of cfimage if you have CF7MX?

I wanted to use it for a "captcha" program.

Reply to this Comment

@Ben thank you so much for this code walk through, I spent considerable time searching on google before selecting the correct google keywords that landed me here. this worked perfectly

Reply to this Comment

Post A Comment

?
You — Get Out Of My Dreams, Get Into My Comments
Live in the Now
Oops!
Comment Etiquette: Please do not post spam. Please keep the comments on-topic. Please do not post unrelated questions or large chunks of code. And, above all, please be nice to each other - we're trying to have a good conversation here.