January 3, 2012
We’re discussing some refactoring before releasing a cfpayment 1.0 and one of the things I’m working on is figuring out when to use ColdFusion’s in-built error handling and when to use HTTP status codes. Currently we use the throwonerror option for CFHTTP which results in issues like 404 throwing an exception. This works but as more and more services expose RESTful APIs which use status codes other than 200 to communicate results, this is not perfect.
That got me to thinking… what status codes does ColdFusion throw an error for when throwonerror is set to yes? Here’s the list for every HTTP status code:
CFHTTP with throwonerror=”yes”
| 200 | Returned normally with status 200 OK |
| 201 | Returned normally with status 201 Created |
| 202 | Returned normally with status 202 Accepted |
| 203 | Returned normally with status 203 Non-Authoritative Information |
| 204 | Returned normally with status 204 No Content |
| 205 | Returned normally with status 205 Reset Content |
| 206 | Returned normally with status 206 Partial Content |
| 207 | Returned normally with status 207 Multi-Status |
| 208 | Returned normally with status 208 Already Reported |
| 226 | Returned normally with status 226 IM Used |
| 300 | COM.Allaire.ColdFusion.HTTPMultipleChoices |
| 301 | COM.Allaire.ColdFusion.HTTPMovedPermanently |
| 302 | COM.Allaire.ColdFusion.HTTPMovedPermanently |
| 303 | COM.Allaire.ColdFusion.HTTPSeeOther |
| 304 | COM.Allaire.ColdFusion.HTTPNotModified |
| 305 | COM.Allaire.ColdFusion.HTTPUseProxy |
| 306 | Returned normally with status 306 Switch Proxy |
| 307 | Returned normally with status 307 Temporary Redirect |
| 308 | Returned normally with status 308 Resume Incomplete |
| 400 | COM.Allaire.ColdFusion.HTTPBadRequest |
| 401 | Returned normally with status 401 Unauthorized |
| 402 | COM.Allaire.ColdFusion.HTTPPaymentRequired |
| 403 | COM.Allaire.ColdFusion.HTTPForbidden |
| 404 | COM.Allaire.ColdFusion.HTTPNotFound |
| 405 | Returned normally with status 405 Method Not Allowed |
| 406 | COM.Allaire.ColdFusion.HTTPNotAcceptable |
| 407 | COM.Allaire.ColdFusion.HTTPProxyAuthenticationRequired |
| 408 | Returned normally with status 408 Request Timeout |
| 409 | COM.Allaire.ColdFusion.HTTPConflict |
| 410 | COM.Allaire.ColdFusion.HTTPGone |
| 411 | COM.Allaire.ColdFusion.HTTPFailure |
| 412 | COM.Allaire.ColdFusion.HTTPPreconditionFailed |
| 413 | COM.Allaire.ColdFusion.HTTPCFHTTPRequestEntityTooLarge |
| 414 | COM.Allaire.ColdFusion.HTTPRequestURITooLarge |
| 415 | COM.Allaire.ColdFusion.HTTPUnsupportedMediaType |
| 416 | Returned normally with status 416 Requested Range Not Satisfiable |
| 417 | Returned normally with status 417 Expectation Failed |
| 418 | Returned normally with status 418 I’m a teapot |
| 422 | Returned normally with status 422 Unprocessable Entity |
| 423 | Returned normally with status 423 Locked |
| 424 | Returned normally with status 424 Failed Dependency |
| 425 | Returned normally with status 425 Unordered Collection |
| 426 | Returned normally with status 426 Upgrade Required |
| 428 | Returned normally with status 428 Precondition Required |
| 429 | Returned normally with status 429 Too Many Requests |
| 431 | Returned normally with status 431 Request Header Fields Too Large |
| 444 | Returned normally with status 444 No Response |
| 449 | Returned normally with status 449 Retry With |
| 450 | Returned normally with status 450 Blocked by Windows Parental Controls |
| 499 | Returned normally with status 499 Client Closed Request |
| 500 | COM.Allaire.ColdFusion.HTTPServerError |
| 501 | COM.Allaire.ColdFusion.HTTPNotImplemented |
| 502 | COM.Allaire.ColdFusion.HTTPBadGateway |
| 503 | COM.Allaire.ColdFusion.HTTPServiceUnavailable |
| 504 | Returned normally with status 504 Gateway Timeout |
| 505 | COM.Allaire.ColdFusion.HTTPVersionNotSupported |
| 506 | Returned normally with status 506 Variant Also Negotiates |
| 507 | Returned normally with status 507 Insufficient Storage |
| 508 | Returned normally with status 508 Loop Detected |
| 509 | Returned normally with status 509 Bandwidth Limit Exceeded |
| 510 | Returned normally with status 510 Not Extended |
| 511 | Returned normally with status 511 Network Authentication Required |
| 598 | Returned normally with status 598 Network read timeout error |
| 599 | Returned normally with status 599 Network connect timeout error |
| 999 | Returned normally with status 999 Invalid HTTP status code |
I also ran it with throwonerror=”no”, which has almost the results you would expect with the exception of code 411:
CFHTTP with throwonerror=”no”
| 200 | Returned normally with status 200 OK |
| 201 | Returned normally with status 201 Created |
| 202 | Returned normally with status 202 Accepted |
| 203 | Returned normally with status 203 Non-Authoritative Information |
| 204 | Returned normally with status 204 No Content |
| 205 | Returned normally with status 205 Reset Content |
| 206 | Returned normally with status 206 Partial Content |
| 207 | Returned normally with status 207 Multi-Status |
| 208 | Returned normally with status 208 Already Reported |
| 226 | Returned normally with status 226 IM Used |
| 300 | Returned normally with status 300 Multiple Choices |
| 301 | Returned normally with status 301 Moved Permanently |
| 302 | Returned normally with status 302 Found |
| 303 | Returned normally with status 303 See Other |
| 304 | Returned normally with status 304 Not Modified |
| 305 | Returned normally with status 305 Use Proxy |
| 306 | Returned normally with status 306 Switch Proxy |
| 307 | Returned normally with status 307 Temporary Redirect |
| 308 | Returned normally with status 308 Resume Incomplete |
| 400 | Returned normally with status 400 Bad Request |
| 401 | Returned normally with status 401 Unauthorized |
| 402 | Returned normally with status 402 Payment Required |
| 403 | Returned normally with status 403 Forbidden |
| 404 | Returned normally with status 404 Not Found |
| 405 | Returned normally with status 405 Method Not Allowed |
| 406 | Returned normally with status 406 Not Acceptable |
| 407 | Returned normally with status 407 Proxy Authentication Required |
| 408 | Returned normally with status 408 Request Timeout |
| 409 | Returned normally with status 409 Conflict |
| 410 | Returned normally with status 410 Gone |
| 411 | Returned normally with status Connection Failure. Status code unavailable. |
| 412 | Returned normally with status 412 Precondition Failed |
| 413 | Returned normally with status 413 Request Entity Too Large |
| 414 | Returned normally with status 414 Request-URI Too Long |
| 415 | Returned normally with status 415 Unsupported Media Type |
| 416 | Returned normally with status 416 Requested Range Not Satisfiable |
| 417 | Returned normally with status 417 Expectation Failed |
| 418 | Returned normally with status 418 I’m a teapot |
| 422 | Returned normally with status 422 Unprocessable Entity |
| 423 | Returned normally with status 423 Locked |
| 424 | Returned normally with status 424 Failed Dependency |
| 425 | Returned normally with status 425 Unordered Collection |
| 426 | Returned normally with status 426 Upgrade Required |
| 428 | Returned normally with status 428 Precondition Required |
| 429 | Returned normally with status 429 Too Many Requests |
| 431 | Returned normally with status 431 Request Header Fields Too Large |
| 444 | Returned normally with status 444 No Response |
| 449 | Returned normally with status 449 Retry With |
| 450 | Returned normally with status 450 Blocked by Windows Parental Controls |
| 499 | Returned normally with status 499 Client Closed Request |
| 500 | Returned normally with status 500 Internal Server Error |
| 501 | Returned normally with status 501 Not Implemented |
| 502 | Returned normally with status 502 Bad Gateway |
| 503 | Returned normally with status 503 Service Unavailable |
| 504 | Returned normally with status 504 Gateway Timeout |
| 505 | Returned normally with status 505 HTTP Version Not Supported |
| 506 | Returned normally with status 506 Variant Also Negotiates |
| 507 | Returned normally with status 507 Insufficient Storage |
| 508 | Returned normally with status 508 Loop Detected |
| 509 | Returned normally with status 509 Bandwidth Limit Exceeded |
| 510 | Returned normally with status 510 Not Extended |
| 511 | Returned normally with status 511 Network Authentication Required |
| 598 | Returned normally with status 598 Network read timeout error |
| 599 | Returned normally with status 599 Network connect timeout error |
| 999 | Returned normally with status 999 Invalid HTTP status code |
Notice Status Code 411 doesn’t return a numerical status code but rather a string “Connection Failure. Status code unavailable.” The FileContent is set to “Connection Failure” while all other status codes are left blank (assuming that the request doesn’t return any data, as my test script does). Good to know.
Problematic SSL Certificates
For processing credit cards and payment processing transactions in general, the most insidious error I have run into is the “I/O Exception: peer not authenticated” error. This basically means ColdFusion is unable to read and authenticate the SSL certificate and initiate a secure connection. Generally this is either a self-signed certificate or, these days, a wildcard SSL certificate. Interestingly, ColdFusion handles these scenarios a little bit differently depending on how throwonerror is set:
| Test | ThrowOnError | Status/Message | ErrorDetail/Exception |
|---|---|---|---|
| Self-signed SSL Cert | Yes | Connection Failure: Status code unavailable | COM.Allaire.ColdFusion.HTTPFailure |
| Self-signed SSL Cert | No | Connection Failure. Status code unavailable. | I/O Exception: peer not authenticated |
| Wildcard SSL Cert | Yes | Connection Failure: Status code unavailable | COM.Allaire.ColdFusion.HTTPFailure |
| Wildcard SSL Cert | No | Connection Failure. Status code unavailable. | I/O Exception: peer not authenticated |
In summary, using throwonerror=no looks reasonably safe but you still must account for the catch-all COM.Allaire.ColdFusion.HTTPFailure. My battle-tested code (which has processed more than $15MM) suggests you also need to check for coldfusion.runtime.RequestTimedOutException which is a different kind of exception when CFHTTP times out or the page times out.
All Categories from Feedburner
Comments are closed.