So when the form is submitted and as I am using SSL the connection is seen as it comes from an “untrusted” domain. Only when I restart the framework it starts working as expected.
The domain is retrieved from the SESBaseURL, which is set in the Routes.cfm.
If you took the standard Routes.cfm it has a line
`
setBaseURL(“http://#cgi.HTTP_HOST#”);
`
This means the domain will be set to the HTTP_HOST of your first request to the application (which was probably 74.127.59.243).
To avoid this, you can either hardcode the BaseURL in the Routes.cfm or use the baseURL argument in buildlink()
Maybe I will need to check the IP to see if I’m on production, but the think is that staging is the same IP, I’m just using a subdomain.
What would be the difference if I use CGI.SERVER_NAME instead?
This is actually fixed in ColdBox 5.0 where the SESBaseUrl supports multiple domains. It doesn’t cache the value anymore, but gets it from the CGI.HTTP_HOST on each request.
The way we fixed this before was using a requestContextDecorator to fix the buildlink method.
You just need to install the ses-on-request module. It uses whatever host is in the URL for the base URL. Alternatively, if you only ever want your app to use a single host for all URLs, just hard code it in routes.cfm and stop using cgi.http_host, which will just pick up whatever host is being used at the time the framework reinits.