Uploaded image for project: 'Railo'
  1. Railo
  2. RAILO-3315

CFHTTP doesn't send username and password attributes as Basic Authentication header over SSL

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 4.2.1.008
    • Fix Version/s: None
    • Labels:
    • Affects:
      Compatibility/Configuration
    • Workaround:
      Workaround Exists
    • Workaround Description:
      Hide

      Use cfhttpparam to specify the Authorization header manually:

      httpparam type="header" name="Authorization" value="Basic #ToBase64( 'username:password' )#";
      
      Show
      Use cfhttpparam to specify the Authorization header manually: httpparam type= "header" name= "Authorization" value= "Basic #ToBase64( 'username:password' )#" ;

      Description

      Specifying username and password attributes in cfhttp should result in a Basic Authorization header being sent (using the default authType and preAuth values).

      When the URL is standard http over port 80, this happens, but with an SSL URL over 443 the Authorization header is not automatically sent.

      ACF sends the Auth header regardless of SSL.

      Sending the header manually in Railo using cfhttpparam works however.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                micstriit Michael Offner
                Reporter:
                cfsimplicity Julian Halliwell
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated: