Response is giving // slashes at start - Taffy - ColdFusion

Question

I have setup my first REST API and I am new to using the Taffy framework.

I have a site which is working on ColdFusion 10, IIS and using ColdBox. I have setup a hello world example in a directory. I am getting // two slashes in the response. Here is an example of the response:

//["hello","world"] 

My hello.cfc looks like this:

component extends="taffy.core.resource" taffy_uri="/hello" {

    function get(){
        return representationOf(['hello','world']);
    }

}

My application.cfc looks like this:

<cfcomponent extends="taffy.core.api">
    <cfscript>

        this.name = hash(getCurrentTemplatePath());
        this.mappings["/resources"] = listDeleteAt(cgi.script_name, listLen(cgi.script_name, "/"), "/") & "/resources";

        variables.framework = {};
        variables.framework.reloadKey = "reload";
        variables.framework.reloadPassword = "test";
        variables.framework.serializer = "taffy.core.nativeJsonSerializer";
        variables.framework.returnExceptionsAsJson = true;

        function onApplicationStart(){
            return super.onApplicationStart();
        }

        function onRequestStart(TARGETPATH){
            // reload app to make any envoirnmental changes
            if(structkeyexists(url,'reloadApp')){
                applicationStop();
                location('index.cfm');
            }
            // load Taffy onRequestStart before our stuff
            super.onRequestStart();

            if (request.taffyReloaded) {
                // reload ORM as well
                ORMReload();
            }
        }

        function onTaffyRequest(verb, cfc, requestArguments, mimeExt){
            return true;
        }
        function onError(Exception)
        {
            writeDump(Exception);
            abort;
        }
    </cfscript>
</cfcomponent>

Can anyone tell me where I am going wrong? Does this have something to do with using ColdBox?

Answer 1

That is coming from a server side setting in the ColdFusion admin, under settings. Prefix serialized JSON with. Beginning with ColdFusion 10 it is enabled by default for security. (I believe the feature was added with ColdFusion 9.) Protects web services, which return JSON data from cross-site scripting attacks by prefixing serialized JSON strings with a custom prefix. You could turn it off there but I do not recommend that. Instead you should handle it with your code.

See this post from Raymond Camden - Handling JSON with prefixes in jQuery and jQueryUI

NOTE: this setting can also be set per-application by setting secureJSON and secureJSONPrefix in your Application.cfc file. See the documentation about that here - Application variables.

secureJSON - A Boolean value that specifies whether to add a security prefix in front of the value that a ColdFusion function returns in JSON-format in response to a remote call.

The default value is the value of the Prefix serialized JSON setting in the Administrator Server Settings > Settings page (which defaults to false). You can override this value in the cffunction tag.

secureJSONPrefix - The security prefix to put in front of the value that a ColdFusion function returns in JSON-format in response to a remote call if the secureJSON setting is true.

The default value is the value of the Prefix serialized JSON setting in the Administrator Server Settings > Settings page (which defaults to //, the JavaScript comment character).