One of the rules to responding to a xero webhook POST is there must not be any cookies in the header.
In 4.5 latest this is achievable by setting this.SetClientCookies=false in application.cfc but in terms of the rest of my application means my responder script must live under its own application.cfc which is not very convenient when it comes to actually doing something with the data received.
It occurred to me that it could be possible to have a switch in onRequestStart() of my normal application.cfc
and then reverse it in onRequestEnd()
but I didn’t try it yet:
- when does onRequestEnd() fire? Before or after the actual response?
- since I’m adjusting an application variable, I’d imagine there is a significant risk that other simultaneous requests might be returned without cookies which would not be desirable.
I’m not that keen to manually assign cfid & tftoken in all regular pages when lucee does it for me very nicely.
Does anyone have any ideas how I can do this?
btw I tried an outgoing rewrite rule which nicely blanks all Set-Cookie: values but xero still chokes on it; there seems to be no way of actually deleting the keys in a rewrite rule. (iis 8.5)