Response is giving // slashes at start - Taffy - ColdFusion

Question

I have setup my first REST API and I am new to using the Taffy framework.

I have a site which is working on ColdFusion 10, IIS and using ColdBox. I have setup a hello world example in a directory. I am getting // two slashes in the response. Here is an example of the response:

//["hello","world"]

My hello.cfc looks like this:

component extends="taffy.core.resource" taffy_uri="/hello" {

    function get(){
        return representationOf(['hello','world']);
    }

}

My application.cfc looks like this:

<cfcomponent extends="taffy.core.api">
    <cfscript>

        this.name = hash(getCurrentTemplatePath());
        this.mappings["/resources"] = listDeleteAt(cgi.script_name, listLen(cgi.script_name, "/"), "/") & "/resources";

        variables.framework = {};
        variables.framework.reloadKey = "reload";
        variables.framework.reloadPassword = "test";
        variables.framework.serializer = "taffy.core.nativeJsonSerializer";
        variables.framework.returnExceptionsAsJson = true;

        function onApplicationStart(){
            return super.onApplicationStart();
        }

        function onRequestStart(TARGETPATH){
            // reload app to make any envoirnmental changes
            if(structkeyexists(url,'reloadApp')){
                applicationStop();
                location('index.cfm');
            }
            // load Taffy onRequestStart before our stuff
            super.onRequestStart();

            if (request.taffyReloaded) {
                // reload ORM as well
                ORMReload();
            }
        }

        function onTaffyRequest(verb, cfc, requestArguments, mimeExt){
            return true;
        }
        function onError(Exception)
        {
            writeDump(Exception);
            abort;
        }
    </cfscript>
</cfcomponent>

Can anyone tell me where I am going wrong? Does this have something to do with using ColdBox?

You mentioned ColdBox in the second paragraph above, but the code you included only shows Taffy references. Did you mean Taffy instead of ColdBox? If so, can you correct your entry to remove confusion? — Carl Von Stetten, Jan 11 '16 at 15:15
#Carl Von Stetten. I just mentioned it so that the problem might be due to parent application. my directory is some thing like that. html folder contain all coldbox application and /html/api/taffy folder contain above which i have mentioned. But this is due to secureJSONPrefix which Miguel-F has mentioned. — Abdul Rauf, Jan 11 '16 at 15:36

score 8 · Accepted Answer · edited Jun 20 '20 at 09:12

8

That is coming from a server side setting in the ColdFusion admin, under settings. Prefix serialized JSON with. Beginning with ColdFusion 10 it is enabled by default for security. (I believe the feature was added with ColdFusion 9.) Protects web services, which return JSON data from cross-site scripting attacks by prefixing serialized JSON strings with a custom prefix. You could turn it off there but I do not recommend that. Instead you should handle it with your code.

See this post from Raymond Camden - Handling JSON with prefixes in jQuery and jQueryUI

NOTE: this setting can also be set per-application by setting secureJSON and secureJSONPrefix in your Application.cfc file. See the documentation about that here - Application variables.

secureJSON - A Boolean value that specifies whether to add a security prefix in front of the value that a ColdFusion function returns in JSON-format in response to a remote call.

The default value is the value of the Prefix serialized JSON setting in the Administrator Server Settings > Settings page (which defaults to false). You can override this value in the cffunction tag.

secureJSONPrefix - The security prefix to put in front of the value that a ColdFusion function returns in JSON-format in response to a remote call if the secureJSON setting is true.

The default value is the value of the Prefix serialized JSON setting in the Administrator Server Settings > Settings page (which defaults to //, the JavaScript comment character).

edited Jun 20 '20 at 09:12

Community

1
1

answered Jan 11 '16 at 13:48

Miguel-F

13,450
6
38
63

This is googd. Just let me know, how i would define it at function level. this is something like that function get() secureJSON=false {}. but it is not working. – Abdul Rauf Jan 11 '16 at 14:16
The documentation that I found specifically states the `cffunction` tag allows for the `secureJSON` attribute. I wonder if this is one of those things that they did not port over to the `cfscript` language _SIGH_. I'm still searching to be sure... – Miguel-F Jan 11 '16 at 14:45
i have tried it with this.secureJSON in application.cfc and with cffunction also. But it is not working for these also. – Abdul Rauf Jan 11 '16 at 14:47
You mentioned that you are using ColdBox, perhaps it has it's own setting for this as well. I don't know much about ColdBox. Setting in the Application.cfc file should definitely work. Did you restart ColdFusion after making the change? Regardless, I really don't think you should disable the setting anyway. Just handle the response by removing the first two characters. – Miguel-F Jan 11 '16 at 14:52
This is rest full API using taffy framework. Also i have now setup restful API using taffy framework on my local and taffy has not any settings about it. I have not restarted the coldfusion server. I have used applicationStop() function. I have restarted the server now. But these settings not working. – Abdul Rauf Jan 11 '16 at 15:10
Turn it off from coldfusion administrator has fixed my issue. But not through code. – Abdul Rauf Jan 11 '16 at 15:13
ok. working with the code also. Now it is working, don't know how. – Abdul Rauf Jan 11 '16 at 15:22

Response is giving // slashes at start - Taffy - ColdFusion

1 Answers1