Kicking the tires on CommandBox..getting an error with form post.

It was ridiculously easy to get an existing app running on Lucce using CommandBox, however, I hit a bit of a snag.

When I try to login, I receive the following message: HTTP method POST is not supported by this URL

I am using an older version of FW/1 (2.1.1) and tried setting up the server to use URL rewriting pointing to my .htaccess file.

Here is my server.json:

{
“app”:{
“cfengine”:“lucee@4.5”
},
“web”:{
“webroot”:“wwwapp/www”,
“http”:{
“port”:“8080”
},
“rewrites”:{
“enable”:“true”,
“config”:“wwwapp/www/.htaccess”
}
},
“JVM”:{
“heapSize”:“1024”
}
}

Here is my .htaccess file

RewriteEngine on
RewriteCond %{REQUEST_URI} !.(gif|jpe?g|png|js|css)$ [NC]
RewriteCond %{REQUEST_URI} !/(assets|scratch|index.cfm|extensions|bugLog|railo-context|favicon.ico|robots.txt|tests) [NC]
RewriteRule ^(.*)$ /index.cfm/$1 [NC,L]

Has anyone run into this before? If so, how do I get around this issue?

I don’t see your NC rewrite rule for the Lucee admin endpoints. That means that your base rewrite rule to index.cfm is firing and any framework HTTP method restrictions would be kicking in.

I am not trying to use anything in Lucee admin, I am simply trying to login to my application itself.

FWIW - I am able to use the Lucee Admin without issue.

I also updated the .htaccess file to include ‘lucee’ instead of ‘railo-context’

Ah, my apologies, Scott. I misread. What are your route mappings, including methods for the route you are trying to POST to? Is that an allowed method?

http://framework-one.github.io/documentation/4.0/reference-manual.html#public-void-function-addroute-any-routes-string-target-any-methods----string-statuscode---

I never set up any route mappings - I am using an older version of FW/1 - 2.1.1.

This works fine when I run the app in the installed version of Lucee I have on my system.

Just to confirm, does it work on CommandBox if you turn off rewrites? I assume the error message you’re seeing is coming from FW/1. I would suggest dumping out the CGI scope and the output of getHTTPRequestData() in your Application.cfc’s onRequestStart() and see if everything looks kosher.

Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

The error is NOT coming from FW/1 (or Lucee). This is a screen cap of the page.

Also, turning off rewriting does not fix the issue.

This process works fine when I run the site under an installed version of Lucee on my computer.

Hmm, I’ve never seen that message before and have no idea where it could be coming from. CommandBox/Runwar/Undertow have no such checks or restrictions in place that I know of. If you put a dump/abort in the Application.cfc pseudo constructor, can you confirm that no CFML is running? Also, start the server with start --debug --console to see if there’s any helpful information there that shows what’s happening.

What is the exact URL that’s being hit that returns this message? Are CF’s native REST APIs at play here?

Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

Hey Scott, Jon and I were talking about this. I’m 99% certain that the action of your form is getting routed to a static handler instead of Lucee. I did a quick test and used Postman to send a POST request to an image file in one of my CommandBox servers and this was the reply I got back:

Error HTTP method POST is not supported by this URL

That’s coming from the low-level servlet that serves up static files like images and JS. I’d bet a dollar that something is messed up with the URLs and your form is somehow not posting to a URL that’s being mapped to CFML. If you can show us the exact URL that’s getting hit that might help narrow down what’s happening.

Also, what version of CommandBox are you using? The latest 3.7.0 release candidate has a ton of debugging information that can be turned on, including the Tuckey rewrite debugging. You can just do start --debug --console and the server will start up with the “out” logs streaming directly to the console. Use Ctrl+C to stop the server in this mode.

Thanks!

~Brad

ColdBox/CommandBox Developer Advocate
Ortus Solutions, Corp

E-mail: brad@coldbox.org
ColdBox Platform: http://www.coldbox.org
Blog: http://www.codersrevolution.com

Coldbox Version - v3.6.0+00647 (downloaded from CommandBox)
Java Version - 1.8.0_101

I am not sure how the URL in my application will be any use, but, here it is: http://127.0.0.1:8080/security/processLogin

I added a dump inside app.cfc and I received the same error message - with no dump output.

Here is what was in the console when I submit the form starting with --debug --console

2017-07-11 22:02:16 DEBUG io.undertow.request Matched default handler path /security/processLogin
2017-07-11 22:02:16 DEBUG io.undertow.request.security Attempting to authenticate HttpServerExchange{ POST /security/processLogin request {Accept=[text/html,applicati
on/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8], Accept-Language=[en-US,en;q=0.8], Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br],
DNT=[1], Origin=[http://127.0.0.1:8080], User-Agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537
.36], Connection=[keep-alive], Content-Length=[47], Content-Type=[application/x-www-form-urlencoded], Cookie=[gsScrollPos-1604=; gsScrollPos-1447=; LUCEE_ADMIN_LANG=e
n; cfid=75c34ef4-be49-4363-9d56-1597fe5ad7d2; cftoken=0; JSESSIONID=gVzDeOQ1LL2TP2IM1a6m3rKC0ERKzJbRpYine2wI; LUCEE_ADMIN_LASTPAGE=services.datasource], Referer=[http
://127.0.0.1:8080/], Upgrade-Insecure-Requests=[1], Host=[127.0.0.1:8080]} response {}}, authentication required: false
2017-07-11 22:02:16 DEBUG io.undertow.request.security Authentication outcome was NOT_ATTEMPTED with method io.undertow.security.impl.CachedAuthenticatedSessionMechan
ism@1ca29 for HttpServerExchange{ POST /security/processLogin request {Accept=[text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8],
Accept-Language=[en-US,en;q=0.8], Cache-Control=[max-age=0], Accept-Encoding=[gzip, deflate, br], DNT=[1], Origin=[http://127.0.0.1:8080], User-Agent=[Mozilla/5.0 (W
indows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36], Connection=[keep-alive], Content-Length=[47], Content-Type=[ap
plication/x-www-form-urlencoded], Cookie=[gsScrollPos-1604=; gsScrollPos-1447=; LUCEE_ADMIN_LANG=en; cfid=75c34ef4-be49-4363-9d56-1597fe5ad7d2; cftoken=0; JSESSIONID=
gVzDeOQ1LL2TP2IM1a6m3rKC0ERKzJbRpYine2wI; LUCEE_ADMIN_LASTPAGE=services.datasource], Referer=[http://127.0.0.1:8080/], Upgrade-Insecure-Requests=[1], Host=[127.0.0.1:
8080]} response {}}
2017-07-11 22:02:16 DEBUG io.undertow.request.security Authentication result was ATTEMPTED for HttpServerExchange{ POST /security/processLogin request {Accept=[text/h
tml,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,/;q=0.8], Accept-Language=[en-US,en;q=0.8], Cache-Control=[max-age=0], Accept-Encoding=[gzip,
deflate, br], DNT=[1], Origin=[http://127.0.0.1:8080], User-Agent=[Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.1
15 Safari/537.36], Connection=[keep-alive], Content-Length=[47], Content-Type=[application/x-www-form-urlencoded], Cookie=[gsScrollPos-1604=; gsScrollPos-1447=; LUCEE
_ADMIN_LANG=en; cfid=75c34ef4-be49-4363-9d56-1597fe5ad7d2; cftoken=0; JSESSIONID=gVzDeOQ1LL2TP2IM1a6m3rKC0ERKzJbRpYine2wI; LUCEE_ADMIN_LASTPAGE=services.datasource],
Referer=[http://127.0.0.1:8080/], Upgrade-Insecure-Requests=[1], Host=[127.0.0.1:8080]} response {}}
NOTIN