Ask Ben: Spoofing Referrer With ColdFusion 8 CFImage Tag
Remember this post? http://www.bennadel.com/index.cfm?dax=blog:903.view
How would you do the same using CF8's new <cfimage> tag when READing a image with a URL as its source that gives you 403 errors?
Here is a sample of the offending URL: http://www.tirerack.com/images/wheels/americanracingmuscle/arm_razor_s_s.jpg
The ColdFusion 8 CFImage tag is totally bad ass. I mean, just the fact that you can even supply a URL as a valid source is wicked awesome! The way the CFImage tag works is a bit of a mystery to me, as it should be. ColdFusion is excellent at black-boxing the hard stuff and just letting us developers worry about leveraging the vast feature set that it supplies. I guess what I am trying to say here is that I don't know how to spoof a referrer directly in the CFImage URL request. However, that doesn't mean we still can't do what you want - it just requires an extra step.
As we have seen before, the CFImage tag can take a number of data types as the Source value. Above, you are trying to supply a URL. The CFImage tag also accepts a binary data object as a valid source value. Knowing this, we can easily append the CFImage functionality to the Playboy picture download example that you are referencing above:
<!--- Set up the target url. ---> | |
<cfset strURL = ( | |
"http://www.tirerack.com/images/wheels/americanracingmuscle/" & | |
"arm_razor_s_s.jpg" | |
) /> | |
<!--- | |
Set up the base URL folder. This is the folder we | |
will use for the referring location. | |
---> | |
<cfset strReferrerUrl = GetDirectoryFromPath( strURL ) /> | |
<!--- | |
Grab the image at the given URL. When doing this, we | |
need to grab the image as binary so that we can feed | |
it directly into the CFImage tag. | |
---> | |
<cfhttp | |
url="#strURL#" | |
method="get" | |
useragent="#CGI.http_user_agent#" | |
getasbinary="yes" | |
result="objGet"> | |
<!--- | |
Spoof the referrer as a header value. This is | |
how we will get around the 403 forbidden access | |
error that is being returned by the server. | |
---> | |
<cfhttpparam | |
type="header" | |
name="referer" | |
value="#strReferrerUrl#" | |
/> | |
</cfhttp> | |
<!--- | |
ASSERT: If we have made it this far without timming out, | |
then we got are data back from the server. We can not | |
yet be possitive that it worked. | |
---> | |
<!--- Check to see if the CFHttp grab was successful. ---> | |
<cfif FindNoCase( "200", objGet.StatusCode )> | |
<!--- | |
We have successfully grabbed the image as a binary | |
object. Now, let's read that binary object into a | |
ColdFusion image object. | |
---> | |
<cfimage | |
action="read" | |
source="#objGet.FileContent#" | |
name="imgTarget" | |
/> | |
<!--- | |
Write the target image to the browser. We could have | |
skipped the above step and just read the binary CFHttp | |
data directly into this tag, but I wanted to demonstrate | |
that you could read it into a ColdFusion image object. | |
---> | |
<cfimage | |
action="writetobrowser" | |
source="#imgTarget#" | |
format="png" | |
/> | |
<cfelse> | |
<!--- There was a problem with the CFHttp get. ---> | |
<p> | |
There was a problem grabbing the image. | |
</p> | |
<p> | |
Error: <cfset WriteOutput( objGet.StatusCode ) /> | |
</p> | |
</cfif> |
Notice that as before, we are letting the CFHttp / CFHttpParam tags take care of grabbing the target image and spoofing the request information. The difference here is that, instead of writing the binary image data to a file, we are reading it directly into a ColdFusion 8 image object. Running the above code, we get the following image being written the browser:

It's a little bit more involved than just supplying a URL to the ColdFusion 8 CFImage tag, but it gets the job done. Hope that helps.
Want to use code from this post? Check out the license.
Reader Comments
Thanks so much Ben. I was leaning towards using your previous <cfhttp> code for a solution. I just was not sure if their was something I was missing with the <cfimage> tag when grabbing images that return 403 errors.
@Che,
There might be a shorter way of doing this, but not that I know of (yet). If I come across anything, I will let you know.
In the above code example, the CFHTTP tag has the following attribute/value pair: useragent="#CGI.script_name#"
I think you meant this to be useragent="#CGI.http_user_agent#" rather than referer.
Ooops! Yeah, you are right. I've been getting very sloppy this week - yesterday, I posted a blog entry and totally forgot to post the code :( Not a good way to start off the week. Thanks for the catch.
Ben, Is it possible to take advantage of cfimage if you have CF7MX?
I wanted to use it for a "captcha" program.
@Brett,
Not that I know of. Sorry.
@Ben thank you so much for this code walk through, I spent considerable time searching on google before selecting the correct google keywords that landed me here. this worked perfectly
@Chris,
Glad to help out.