Smart Quotes Strike Again

Earlier today I helped a buddy of mine who was trying to get CORS working with ColdFusion. He followed my simple tip (Enable CORS for ColdFusion Services) but it didn't work. I did some digging and this is what I found.

The first thing I did was to open up his service directly in my browser. I knew I could use Chrome's DevTools to look at the header responses from his service. This is what I saw.

See the funky crap around the Access-Control-Allow-Origin line? That was my clue. I asked him for the code and this is what I saw:

See it? The quotes around the header name and value are those funky smart quotes (they probably have a more formal name) and not "regular" quotes (compare to the name of the function above). So... yeah. They suck.

Archived Comments

Comment 1 by Salvatore fusto posted on 1/31/2014 at 1:12 PM

Ray, i've found the same problem with <cfheader>, so i tried:
getPageContext().getResponse().setHeader( "Access-Control-Allow-Origin", "*" ) that is a good basic solution imho.
for all undocumented getpageContext() refer to:
http://www.bennadel.com/blo...
regards

Comment 2 by Raymond Camden posted on 1/31/2014 at 4:39 PM

Err, I'm confused. The issue with cfheader was the bad quotes. The fix was to use proper quotes.

Comment 3 by Salvatore fusto posted on 1/31/2014 at 8:06 PM

Ray, time ago i tested an angular app working on my laptop, with an ip, fetching data from my server with another ip, using ajax, and of course i had CORS issues. i tried your solution, writing th code by hand with single and double quotes in attribute values, with no luck.
then i tested a jsonp call and getpageContext() as mentioned and all worked fine, jsonp and getPageContext().
regards

Comment 4 by Raymond Camden posted on 1/31/2014 at 8:27 PM

Hmm. If you can ever go back and revert to cfheader, let me know. I'd like to see it.