Skip to main content
Ben Nadel
On User Experience (UX) Design, JavaScript, ColdFusion, Node.js, Life, and Love.

Ask Ben: Spoofing Referrer With ColdFusion 8 CFImage Tag

By Ben Nadel on

Remember this post? www.bennadel.com/index.cfm?dax=blog:903.view

How would you do the same using CF8's new <cfimage> tag when READing a image with a URL as its source that gives you 403 errors?

Here is a sample of the offending URL: http://www.tirerack.com/images/wheels/americanracingmuscle/arm_razor_s_s.jpg

The ColdFusion 8 CFImage tag is totally bad ass. I mean, just the fact that you can even supply a URL as a valid source is wicked awesome! The way the CFImage tag works is a bit of a mystery to me, as it should be. ColdFusion is excellent at black-boxing the hard stuff and just letting us developers worry about leveraging the vast feature set that it supplies. I guess what I am trying to say here is that I don't know how to spoof a referrer directly in the CFImage URL request. However, that doesn't mean we still can't do what you want - it just requires an extra step.

As we have seen before, the CFImage tag can take a number of data types as the Source value. Above, you are trying to supply a URL. The CFImage tag also accepts a binary data object as a valid source value. Knowing this, we can easily append the CFImage functionality to the Playboy picture download example that you are referencing above:

<!--- Set up the target url. --->
<cfset strURL = (
	"http://www.tirerack.com/images/wheels/americanracingmuscle/" &
	"arm_razor_s_s.jpg"
	) />

<!---
	Set up the base URL folder. This is the folder we
	will use for the referring location.
--->
<cfset strReferrerUrl = GetDirectoryFromPath( strURL ) />


<!---
	Grab the image at the given URL. When doing this, we
	need to grab the image as binary so that we can feed
	it directly into the CFImage tag.
--->
<cfhttp
	url="#strURL#"
	method="get"
	useragent="#CGI.http_user_agent#"
	getasbinary="yes"
	result="objGet">

	<!---
		Spoof the referrer as a header value. This is
		how we will get around the 403 forbidden access
		error that is being returned by the server.
	--->
	<cfhttpparam
		type="header"
		name="referer"
		value="#strReferrerUrl#"
		/>

</cfhttp>


<!---
	ASSERT: If we have made it this far without timming out,
	then we got are data back from the server. We can not
	yet be possitive that it worked.
--->


<!--- Check to see if the CFHttp grab was successful. --->
<cfif FindNoCase( "200", objGet.StatusCode )>

	<!---
		We have successfully grabbed the image as a binary
		object. Now, let's read that binary object into a
		ColdFusion image object.
	--->
	<cfimage
		action="read"
		source="#objGet.FileContent#"
		name="imgTarget"
		/>

	<!---
		Write the target image to the browser. We could have
		skipped the above step and just read the binary CFHttp
		data directly into this tag, but I wanted to demonstrate
		that you could read it into a ColdFusion image object.
	--->
	<cfimage
		action="writetobrowser"
		source="#imgTarget#"
		format="png"
		/>

<cfelse>

	<!--- There was a problem with the CFHttp get. --->

	<p>
		There was a problem grabbing the image.
	</p>

	<p>
		Error: <cfset WriteOutput( objGet.StatusCode ) />
	</p>

</cfif>

Notice that as before, we are letting the CFHttp / CFHttpParam tags take care of grabbing the target image and spoofing the request information. The difference here is that, instead of writing the binary image data to a file, we are reading it directly into a ColdFusion 8 image object. Running the above code, we get the following image being written the browser:

Tire Rim Gotten Via ColdFusion 8 CFImage / CFHttp Combo

It's a little bit more involved than just supplying a URL to the ColdFusion 8 CFImage tag, but it gets the job done. Hope that helps.


Reader Comments

Thanks so much Ben. I was leaning towards using your previous <cfhttp> code for a solution. I just was not sure if their was something I was missing with the <cfimage> tag when grabbing images that return 403 errors.

@Che,

There might be a shorter way of doing this, but not that I know of (yet). If I come across anything, I will let you know.

In the above code example, the CFHTTP tag has the following attribute/value pair: useragent="#CGI.script_name#"

I think you meant this to be useragent="#CGI.http_user_agent#" rather than referer.

Ooops! Yeah, you are right. I've been getting very sloppy this week - yesterday, I posted a blog entry and totally forgot to post the code :( Not a good way to start off the week. Thanks for the catch.

Ben, Is it possible to take advantage of cfimage if you have CF7MX?

I wanted to use it for a "captcha" program.

@Ben thank you so much for this code walk through, I spent considerable time searching on google before selecting the correct google keywords that landed me here. this worked perfectly