Ben Nadel
On User Experience (UX) Design, JavaScript, ColdFusion, Node.js, Life, and Love.
Ben Nadel at Scotch On The Rocks (SOTR) 2011 (Edinburgh) with: Cyril Hanquez and Hugo Sombreireiro and Reto Aeberli and Steven Peeters and Guust Nieuwenhuis and Aurélien Deleusière and Damien Bruyndonckx
Ben Nadel at Scotch On The Rocks (SOTR) 2011 (Edinburgh) with: Cyril Hanquez@Fitzchev ) , Hugo Sombreireiro@hsombreireiro ) , Reto Aeberli@aeberli ) , Steven Peeters@aikisteve ) , Guust Nieuwenhuis@Lagaffe ) , Aurélien Deleusière@adeleusiere ) , and Damien Bruyndonckx ( @damienbkx )

Ask Ben: Spoofing Referrer With ColdFusion 8 CFImage Tag

By Ben Nadel on

Remember this post? http://www.bennadel.com/index.cfm?dax=blog:903.view

How would you do the same using CF8's new <cfimage> tag when READing a image with a URL as its source that gives you 403 errors?

Here is a sample of the offending URL: http://www.tirerack.com/images/wheels/americanracingmuscle/arm_razor_s_s.jpg

The ColdFusion 8 CFImage tag is totally bad ass. I mean, just the fact that you can even supply a URL as a valid source is wicked awesome! The way the CFImage tag works is a bit of a mystery to me, as it should be. ColdFusion is excellent at black-boxing the hard stuff and just letting us developers worry about leveraging the vast feature set that it supplies. I guess what I am trying to say here is that I don't know how to spoof a referrer directly in the CFImage URL request. However, that doesn't mean we still can't do what you want - it just requires an extra step.

As we have seen before, the CFImage tag can take a number of data types as the Source value. Above, you are trying to supply a URL. The CFImage tag also accepts a binary data object as a valid source value. Knowing this, we can easily append the CFImage functionality to the Playboy picture download example that you are referencing above:

  • <!--- Set up the target url. --->
  • <cfset strURL = (
  • "http://www.tirerack.com/images/wheels/americanracingmuscle/" &
  • "arm_razor_s_s.jpg"
  • ) />
  •  
  • <!---
  • Set up the base URL folder. This is the folder we
  • will use for the referring location.
  • --->
  • <cfset strReferrerUrl = GetDirectoryFromPath( strURL ) />
  •  
  •  
  • <!---
  • Grab the image at the given URL. When doing this, we
  • need to grab the image as binary so that we can feed
  • it directly into the CFImage tag.
  • --->
  • <cfhttp
  • url="#strURL#"
  • method="get"
  • useragent="#CGI.http_user_agent#"
  • getasbinary="yes"
  • result="objGet">
  •  
  • <!---
  • Spoof the referrer as a header value. This is
  • how we will get around the 403 forbidden access
  • error that is being returned by the server.
  • --->
  • <cfhttpparam
  • type="header"
  • name="referer"
  • value="#strReferrerUrl#"
  • />
  •  
  • </cfhttp>
  •  
  •  
  • <!---
  • ASSERT: If we have made it this far without timming out,
  • then we got are data back from the server. We can not
  • yet be possitive that it worked.
  • --->
  •  
  •  
  • <!--- Check to see if the CFHttp grab was successful. --->
  • <cfif FindNoCase( "200", objGet.StatusCode )>
  •  
  • <!---
  • We have successfully grabbed the image as a binary
  • object. Now, let's read that binary object into a
  • ColdFusion image object.
  • --->
  • <cfimage
  • action="read"
  • source="#objGet.FileContent#"
  • name="imgTarget"
  • />
  •  
  • <!---
  • Write the target image to the browser. We could have
  • skipped the above step and just read the binary CFHttp
  • data directly into this tag, but I wanted to demonstrate
  • that you could read it into a ColdFusion image object.
  • --->
  • <cfimage
  • action="writetobrowser"
  • source="#imgTarget#"
  • format="png"
  • />
  •  
  • <cfelse>
  •  
  • <!--- There was a problem with the CFHttp get. --->
  •  
  • <p>
  • There was a problem grabbing the image.
  • </p>
  •  
  • <p>
  • Error: <cfset WriteOutput( objGet.StatusCode ) />
  • </p>
  •  
  • </cfif>

Notice that as before, we are letting the CFHttp / CFHttpParam tags take care of grabbing the target image and spoofing the request information. The difference here is that, instead of writing the binary image data to a file, we are reading it directly into a ColdFusion 8 image object. Running the above code, we get the following image being written the browser:


 
 
 

 
Tire Rim Gotten Via ColdFusion 8 CFImage / CFHttp Combo  
 
 
 

It's a little bit more involved than just supplying a URL to the ColdFusion 8 CFImage tag, but it gets the job done. Hope that helps.



Reader Comments

Thanks so much Ben. I was leaning towards using your previous <cfhttp> code for a solution. I just was not sure if their was something I was missing with the <cfimage> tag when grabbing images that return 403 errors.

@Che,

There might be a shorter way of doing this, but not that I know of (yet). If I come across anything, I will let you know.

In the above code example, the CFHTTP tag has the following attribute/value pair: useragent="#CGI.script_name#"

I think you meant this to be useragent="#CGI.http_user_agent#" rather than referer.

Ooops! Yeah, you are right. I've been getting very sloppy this week - yesterday, I posted a blog entry and totally forgot to post the code :( Not a good way to start off the week. Thanks for the catch.

Ben, Is it possible to take advantage of cfimage if you have CF7MX?

I wanted to use it for a "captcha" program.

@Ben thank you so much for this code walk through, I spent considerable time searching on google before selecting the correct google keywords that landed me here. this worked perfectly