Twitter: raymondcamden

Address: Lafayette, LA, USA

Smart Quotes Strike Again

01-30-2014 2,990 views ColdFusion 4 Comments

Earlier today I helped a buddy of mine who was trying to get CORS working with ColdFusion. He followed my simple tip (Enable CORS for ColdFusion Services) but it didn't work. I did some digging and this is what I found.

The first thing I did was to open up his service directly in my browser. I knew I could use Chrome's DevTools to look at the header responses from his service. This is what I saw.

See the funky crap around the Access-Control-Allow-Origin line? That was my clue. I asked him for the code and this is what I saw:

See it? The quotes around the header name and value are those funky smart quotes (they probably have a more formal name) and not "regular" quotes (compare to the name of the function above). So... yeah. They suck.


These comments will soon be imported into Disqus. To add a comment, use Disqus above.
  • Salvatore fusto #
    Commented on 01-31-2014 at 2:12 AM
    Ray, i've found the same problem with <cfheader>, so i tried:
    getPageContext().getResponse().setHeader( "Access-Control-Allow-Origin", "*" ) that is a good basic solution imho.
    for all undocumented getpageContext() refer to:
  • Commented on 01-31-2014 at 5:39 AM
    Err, I'm confused. The issue with cfheader was the bad quotes. The fix was to use proper quotes.
  • Salvatore fusto #
    Commented on 01-31-2014 at 9:06 AM
    Ray, time ago i tested an angular app working on my laptop, with an ip, fetching data from my server with another ip, using ajax, and of course i had CORS issues. i tried your solution, writing th code by hand with single and double quotes in attribute values, with no luck.
    then i tested a jsonp call and getpageContext() as mentioned and all worked fine, jsonp and getPageContext().
  • Commented on 01-31-2014 at 9:27 AM
    Hmm. If you can ever go back and revert to cfheader, let me know. I'd like to see it.