Microsoft IIS - URLScan remove header setting breaking CFCharts.

This is just an interesting fix we found to an issue we were having after installing Microsoft URLScan in one of our servers to better manage security.

In order to reduce exposure of our server's identity via its HTTP header we set the URLScan tool to remove it. As a side effect, our application pages that displayed cfcharts were no longer working. It was obvious that cfchart needed the header in there. Luckily there was another issue and fix in the ColdFusion TechNotes that although unrelated to URLScan had a promising fix, this issue posted here makes sure that ColdFusion "explicitly generates HTTP headers before the chart data". Low and Behold, the fix worked. Although one of my colleagues had found another fix online, it required you creating your own header using cfsavecontent and some other tricks.. although it seemed elegant at first, this required your code to change due to an external issue. By implemeting the fix above, we don't have to make our cfchart code any different then as if URLScan wasn't installed.

Comments
BlogCFC was created by Raymond Camden. This blog is running version 5.003. Powered by ColdFusion Server v8,0,1,195765.