CODEWITHSUNDEEP
coldfusion
Sterling Archer
Sterling Archer

Reputation: 22415

cgi.SERVER_NAME reverts origin

I have two versions of a site, one for spanish, one for english. The spanish subdomain is set via IIS and a C Name (network admin told me, I'm not sure how or what that means), it's not a separate subdomain.

es.website.com
en.website.com

Now, when I use CGI.SERVER_NAME on my development server, everything works nicely. However, in production, when I'm on es.website.com, despite my Application.cfc settings, it thinks the origin is en.website.com, which throws off my <cfheader name="Access-Control-Allow-Origin" value="#application.site#">.

Here is how I differentiate the domains and sites to determine which content must be in spanish:

application.subdomain = ListFirst(cgi.SERVER_NAME, ".");
if (application.test) {
    if (application.subdomain == "en") {
        application.site = "http://en.dev.website.com/";
    } else {
        application.site = "http://es.dev.website.com/";
    }
} else {
    if (application.subdomain == "en") {
        application.site = "http://en.website.com/";
    } else {
        application.site = "http://es.website.com/";
    }
}

I cannot figure out why when on other pages, application.sites is clearly es.website.com, yet on some pages, the cgi.server_name reverts to en.website.com. Any insight?

Upvotes: 1

Views: 426

Answers (1)

Pete Freitag
Pete Freitag

Reputation: 1031

If you are storing it in an application scoped variable then users can change the variable mid request. You don't see this on your dev server because you don't have any concurrent users.

Assume you have a request to en.website.com then 1 millisecond later a request to es.website.com both requests will share the same application scope, the second request will change the value of application.site to the ES version.

A better solution would be to use a request scoped variable for this since the value differs by request.

Another less elegant solution would be to make sure each site has a different application name, for example:

this.name = LCase(cgi.server_name) & "_website";

That would cause each domain to have its own application scope, which depending on how your web server is setup could lead to a denial of service condition (if you allow any domain to hit the application).

Upvotes: 10

Related Questions