Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Scheduled Tasks not passing Authorization header

Description

Issue
While migrating an application's scheduled tasks from ACF to Lucee, I found that, even though the username and password were provided on the task, Lucee was not sending an Authorization header.

Using Powershell or Postman, I can use basic authentication on the exact same task URL and get the expected Authorization header. But, through the task, no header exists in the request.

I've got the same result with a standalone install of Lucee 5.3.6.61 on Windows Server 2016 and commandbox instances of Lucee on that same server and on Windows 10 with versions 5.3.2+77, 5.3.5+92 and 5.3.6+61

I've created the ask manually and through cfschedule(...), I've executed the task manually and on a scheduled interval. In all cases, there is no Authorization header. The only headers are;

  • Accept-Encoding

  • Connection

  • Content-Type

  • Host

  • User-Agent

Below is a simple test I've used to see this behavior. The resulting scheduled task passes an authorization header fine in all versions of ACF from ACF10 to ACF2018.

Environment

Windows 10, Windows Server 2016
Lucee 5.3.6.61 stand alone
Lucee with Commandbox (5.3.2+77 and up to the latest 5.3.6.61)

Attachments

4

Activity

Show:

Pothys - MitrahSoft 2 August 2022 at 05:57
Edited

I've checked this ticket with the lucee latest build 6.0.0.219-SNAPSHOT. Now the scheduled task passes the Authorization header

Zac Spitzer 29 July 2022 at 12:54

Pothys - MitrahSoft 31 December 2021 at 08:23

I added a fix to this ticket
Pull Request:

Pothys - MitrahSoft 22 September 2021 at 13:55

I've checked this ticket and replicated the issue in lucee latest version 5.3.9.11-SNAPSHOT too. Yes, the scheduled task doesn't pass the Authorization header. Seems ACF pass the Authorization header.

I added a testcase to this ticket
Pull Request:

bhartsfield 6 August 2020 at 12:49

I can also get the authorization header when specifying user and password in CFHTTP; that’s never been a problem.

Scheduled tasks, however, do not pass an authorization header.

Just update your getHeader.cfm to systemoutput(getHttpRequestData().headers) and you will see the difference between CFHTTP making the request and the scheduled task making the request.

Below are the results from your test.

From the scheduled task:

 

From CFHTTP

Fixed

Details

Assignee

Reporter

Priority

Labels

Fix versions

New Issue warning screen

Before you create a new Issue, please post to the mailing list first https://dev.lucee.org

Once the issue has been verified, one of the Lucee team will ask you to file an issue

Sprint

Affects versions

Created 8 June 2020 at 20:51
Updated 2 August 2022 at 06:43
Resolved 2 August 2022 at 05:57