ERROR CODE:10 <cfhttp> email not send in cold fusion - cfhttp

No Account or Server API tokens were supplied in the HTTP headers. Please add a header for either X-Postmark-Server-Token or X-Postmark-Account-Token.
i'm trying this code but get above error!
cfset emailSettings = {
to = "f2020266005#umt.edu.pk",
from = "ben+from#bennadel.com",
subject = "PostMark Bounce Back Testing",
htmlBody = "<strong>All your emails are belong to us!</strong>"
} />
<!--- Post the email to the PostMark server. --->
<cfhttp
result="post"
method="post"
url="http://api.postmarkapp.com/email">
<!---
Alert the server that the we can accept JSON as the type of
data returned in the response.
--->
<cfhttpparam
type="header"
name="accept"
value="application/json"
/>
<!---
Alert the server that the email content will be serialized
in the post body as JSON text.
--->
<cfhttpparam
type="header"
name="content-type"
value="application/json"
/>
<!--- Define the API key to authorize post. --->
<cfhttpparam
name="Authorization"
type="header"
value="Bearer [my_api_key]"
/>
<!---
Post the serialized JSON email properties as the HTTP
message body.
--->
<cfhttpparam
type="body"
value="#serializeJSON( emailSettings )#"
/>
</cfhttp>
<!--- Output the post response (returned in JSON format). --->
<cfdump
var="#deserializeJSON( post.fileContent )#"
label="PostMark CFHTTP Response"
/>
expecting to get no error but this code give error in third
cfhttpparam tag

Related

How to fix internal server error 500 and refused to load image because of content security policy?

I am trying to store an image to mongodb in react. I am using multer to do the task. But image is not uploading because of the following error:
POST http://localhost:5000/uploadImage 500 (Internal Server Error)
Refused to load the image 'http://localhost:5000/favicon.ico' because it violates the following Content Security Policy directive: "default-src 'none'". Note that 'img-src' was not explicitly set, so 'default-src' is used as a fallback.
My localhost is running at 5000 port from where mongodb is connected as usual. And I am trying to send image from "http://localhost:3000"(react) through this way:
<form
action="http://localhost:5000/uploadImage"
method="POST"
className="mt-5"
>
<label htmlFor="input">Banner</label>
<input type="file" encType="multipart/form-data" name="myImage" />
<input type="submit" value="upload Image" />
</form>
How to fix that problem??
Please open index.html and find below tags:
<meta http-equiv="Content-Security-Policy" >
and replace with proper content by below instruction.
Content Security Policy: "img-src 'self' data:"

coldfusion mobile app - connection to remote database server under cfclient tag

I am writing a CF mobile app and am using the cfclient tag. I am encountering issues with remote datasource connections and can’t get it resolved.
From cfclient, I am using “rooms” as my datasource string which is defined in the CF Administrator as a data source. It is connecting to a remote SQL Server. “Tblblogs” exists in the "rooms" database, but under cfclient I get an error that: > No such table exists
However, if I take same query [blgQ] that selects “tblblogs” outside cfclient, it works fine and without issue. I am not sure why it is not making right datasource connection under cfclient (as defined in the administrator) .
<!DOCTYPE html>
<html >
<body>
<h2>Add Expense</h2>
<form >
<table >
<tr>
<td>Date:</td> <td><input type="date" id="dateTxt"></td>
</tr>
<tr>
<td>Amount:</td> <td><input type="number" id="amtTxt"></td>
</tr>
<tr>
<td>Description</td>
<td><input type="text" id="descTxt"></td>
</tr>
<tr>
<td colspan="2">
<button type="button" id="addBtn">Add</button>
</td>
</tr>
</table>
</form>
<h2>Expenses:</h2>
<table id="expList">
<tr>
<th>Date</th>
<th>Amount</th>
<th>Description</th>
</tr>
</table>
</body>
</html>
<script >
document.getElementById("addBtn").onclick = function(){
addExpense();
}
</script>
<!--- cfclient code starts here --->
<cfclient>
<cfset document.getElementById("expList").innerHTML =''>
<!--- on client side you do not need to pre-configure datasource --->
<cfset dsn = "rooms">
<cftry>
<!--- create database if not already created --->
<cfquery datasource="rooms">
create table if not exists expenses (
id integer primary key,
expense_date integer,
amount real,
desc text
)
</cfquery>
<!--- Get expense records from the table --->
<cfquery datasource="rooms" name="expenses">
select * from expense order by expense_date desc
</cfquery>
<cfset alert(expenses.amount)>
<!--- Loop over expenses query object and display --->
<cfloop query="expenses">
<cfset var tmpDate = new Date(expense_date)>
<cfset addExpenseRow(expense_date,amount,desc)>
</cfloop>
<cfcatch type="any" name="e">
<cfset alert(e.message)>
</cfcatch>
</cftry>
<!--- Helper function to add epxpense row to HTML table --->
<cffunction name="addExpenseRow" >
<cfargument name="expense_date" >
<cfargument name="amt" >
<cfargument name="desc" >
<cfoutput >
<cfsavecontent variable="rowHtml" >
<tr>
<td>#dateFormat(expense_date,"mm/dd/yyyy")#</td>
<td>#amt#</td>
<td>#desc#</td>
</tr>
</cfsavecontent>
</cfoutput>
<cfset document.getElementById("expList").innerHTML += rowHtml>
</cffunction>
<!--- Called from JS script block in response to click event for addBtn --->
<cffunction name="addExpense" >
<cfset var tmpDate = new Date(document.getElementById("dateTxt").value)>
<cfset var amt = Number(document.getElementById("amtTxt").value)>
<cfset var desc = document.getElementById("descTxt").value>
<!--- TODO: Do data validation --->
<cftry>
<!--- Insert expense row into database table --->
<cfquery datasource="rooms" result="result">
insert into expense (expense_date,amount,desc) values(
<cfqueryparam cfsqltype="cf_sql_date" value="#tmpDate.getTime()#">,
<cfqueryparam cfsqltype="cf_sql_numeric" value="#amt#">,
<cfqueryparam cfsqltype="cf_sql_varchar" value="#desc#">
)
</cfquery>
<cfcatch type="any" name="e">
<cfset alert(e.message)>
</cfcatch>
</cftry>
<!--- add the new expense row to HTML table --->
<cfset addExpenseRow(tmpDate,amt,desc)>
</cffunction>
</cfclient>
<cfquery datasource="rooms" name="blgQ">
select * from tblblogs
</cfquery>
<cfdump var="#blgQ#"
> Blockquote
<cfquery> on <cfclient> is not really the same thing as the regular <cfclient>.
It is intended to do light weight interactions with Web SQL. Web SQL is not universally supported, and it is not likely to. <cfclient> will also suffer from all the issues that plagued <cfform>. Namely javascript will move forward, but the code generated by this tag may not.
See Client side CFML For Mobile Development.
I suspect you are trying to do something that might be more appropriate with AJAX or REST

Coldfusion - How to prevent the execution of ajax "GET" query on the server

I'm developing an application in Coldfusion and AngularJS. I'm use AngularJS 1 and CF11.
A user has to be logged into the application. The user id is saved in the CF session.
In myAngularJS service I implemented Factories like that:
app.factory('ContactService', function($http){
var factory={};
factory.getContact=function(id){
return $http.post('http://myapp/contacts.cfc?method=getContacts&subsString=' + id);
};
return factory;
})
Here my component contacts.cfc
<cfcomponent displayname="Contacts" hint="Webservice for contacts app">
<cffunction name="getContacts" access="remote" returnformat="JSON" output="no">
<cfargument name="subsString" required="no" type="String" />
<cfset ret = arrayNew(1) />
<cftry>
<cfinclude template="cfc/person/qry/qry_Search.cfm" />
<cfloop from="1" to="#qryFastSearch.recordcount#" index="i">
<cfset searchVO = structNew() />
<cfset searchVO['ID']= #qryFastSearch.ID[i]# />
<cfset searchVO['PERSON']= #qryFastSearch.personName[i]# />
<cfset searchVO['COMPANY']= #qryFastSearch.COMPANY[i]# />
<cfset ret[i] = searchVO />
</cfloop>
<cfcatch type="any">
<cfset returnVO = structNew() />
<cfset returnVO.ERROR = true />
<cfset returnVO.MESSAGE = cfcatch.Message />
<cfset ret[1] = returnVO />
</cfcatch>
</cftry>
<cfreturn SerializeJSON(ret)>
</cffunction>
</cfcomponent>
When the system execute the controller, the factory is executed and the results appear. We can see in the console of the browser the url executed.
For example: http://myapp/contacts.cfc?method=getContacts&subsString=test
I would like to avoid a person to execute a query (thanks to this kind of url) if she is not connected into the application.
Is it equally possible to hide the url in the browser ?
What is the best way in order to do that ?
Many thanks in advance for your help.
To add to Dan's comment:
Ensure the user is logged in.
Check the value of CGI.REQUEST_METHOD. If it's not POST, then reject the request.
If you have roles & privileges, verify the user should access that URL.
Validate search parameters as best you can.
Since you're using $http.post(), you shouldn't be passing the subString in the query string. It should be part of the posted data to avoid browser caching and entries in the server logs that possibly shouldn't be there.
You state, "The user id is saved in the CF session". Pass it as an argument to your function.
<cffunction name="getContacts" access="remote" returnformat="JSON" output="no">
<cfargument name="subsString" required="no" type="String" />
<cfargument name="userId" required="yes" type="String" />
Then check for it.
<cfif StructKeyExists(session, "userId")
and session.userId is arguments.userId>
rest of function
<cfelse>
whatever you want goes here.

How do you define POST parameters using inputs in the request body?

I am making a POST request to a RESTFUL api and the only way I can pass the parameters is if I add them into the URL used in the forms 'action' parameter. As soon as I take those parameters and put them down into the form's body component the request no longer works. My question is how do I use the inputs within the form to define the request parameters instead of the embedding the parameters into the action URL?
I do notice that when I submit the request the request body parameters show up, but the actual request fails saying that the parameters are not there.
Here is the HTML:
<form target="hiddenIframe" method="POST" action="/rest/bpm/wle/v1/process/5853?action=addDocument&name=test123&docType=file&parts=none&accept=application/json&override-content-type=text/plain" enctype="multipart/form-data">
<input type="text" name="instanceId" value="5823" />
<input type="text" name="name" value="myTestQ1" />
<input type="text" name="docType" value="file" />
<input id="myFileName" type="file" name="data" />
<input type="submit"/>
</form>
<iframe name="hiddenIframe" id="hiddenIframe" style="display: none;" />
As you can see the action in the form tag is very long and is not dynamic... I would like to only have "/rest/bpm/wle/v1/process/" there, but when I do the upload fails.
I'd use some Javascript. Add an onchange to all the mandatory input fields. And the change method you'll be calling can update your action url with the new data from the form field.
Something like:
<input type="text" name="instanceId" value="5823" onchange="updateInstanceID()" id="instanceid" />
action="/rest/bpm/wle/v1/process/5853?action=addDocument&name=test123&docType=file&parts=none&accept=application/json&override-content-type=text/plain"
Now, your Javascript should have that method.
function updateInstanceID() {
var val = document.getElementById("instanceid").value;
var form = document.forms[0]; // assuming only one form on the page.
....
}
Now you can access your form.action field and update it accordingly.

GAE mail API reply_to feature

I have a feedback form, where users can leave comments. These comments will be emailed to me and users' email address will appears as reply_to in the header, which means I can address these comments if I click the "reply" button in the GMAIL. However, it seems like the 'reply-to' header does not work. Every time I click 'reply', I am writing to myself. Any suggestions?
The basic function is defined as below:
HTML CODE
<!-- The contact form-->
<form method="POST" action=contactus_output.html>
<table align="center" cellpadding="15" cellspacing="15">
<tr><th colspan="2" align="left"><h1>Contact Form</h1></th></tr>
<tr><th>Name:</th><td><input type="text" name="nm.name" id="id.name" required="required" /></td></tr>
<tr><th>Email:</th><td><input type="email" name="nm.email" id="id.email" required="required" /></td></tr>
<tr><th>Subject:</th><td><select id="sub" name="nm.sub" required="required"/><option value="" selected="selected">Select one of the subjects</option><option value="1" >Suggestion</option><option value="Bug report" >Bug report</option><option value="Other" >Other</option></select></td></tr>
<tr><th>Message:</th></tr>
<tr><th></th><td><textarea id="msg" rows="10" cols="40" name="nm.msg" required="required"></textarea></td></tr>
<tr><td colspan="2"><input type="submit" value=" Let us know! "></td></tr>
</table>
</form>
Python CODE
#define the function
def sendanemail(name,subj, rply, msg):
message = mail.EmailMessage(sender="Support <myapp#gmail.com>")
message.subject = subj
message.to = "Ubertool Support <myapp#gmail.com>"
message.reply_to= rply
message.cc = rply
message.body = '''A message submitted by %s, %s \n''' %(name, rply)
message.body = message.body+msg
message.send()
def post(self):
form = cgi.FieldStorage()
name = form.getvalue('nm.name')
rply = form.getvalue('nm.email')
subj = form.getvalue('nm.sub')
msg = form.getvalue('nm.msg')
sendanemail(name,subj, rply, msg)
Email header
from: Support myapp#gmail.com via 2uix4h7xygsz66weerlq.apphosting.bounces.google.com
reply-to: abc#gmail.com
to: Support <myapp#gmail.com>
cc: abc#gmail.com
date: Thu, Sep 20, 2012 at 5:20 PM
subject: Other
mailed-by: 2uix4h7xygsz66weerlq.apphosting.bounces.google.com
The problem is I click 'reply', my GMAIL replies to 'myapp#gmail.com', not 'abc#gmail.com'
The following is a summary of the comments.
The problem seems to be related to Gmail, as the Reply-To header is actually sent, and is because the sender and receiver are the same.
A workaround is to have a different sender and receiver address, to achieve that the email address <app-id>#<app-id>.appspotmail.com can be used.

Resources