Blog

ColdBox 4.0 Error Handling

ColdBox MVC, Tutorials
Brad Wood January 29, 2015

Spread the word

Brad Wood

January 29, 2015

Spread the word

Share your thoughts

Ortus Solutions

ColdBox has always provided nice, automatic error handling for your code.  Errors in your application are caught for you, and you can respond to them via convention-based methods, event handlers, or even interception points as you see fit.  (Read more on ColdBox error handling here)

If you do nothing, ColdBox will render a nicely formatted page with all the original exception information plus extra details about the ColdBox request which can be handy for debugging.  Due to our focus on security-by-default in ColdBox 4, we found that a large  number of people never change the default error template and their production servers give out way too much information!  Even though having a 'detailed' template by default was convenient, it wasn't secure.  

Therefore, we now ship ColdBox with two error templates.  (Of course you are still encouraged to make your own custom ones.)

  • BugReport.cfm
  • BugReport-Public.cfm

Get Your Info Back

BugReport-Public is what is enabled by default.  It outputs very little information so the baddies can't use your default error template as an attack vector to gather information about your server.  Don't worry though, the original error template (BugReport) is still there and can easily be enabled at any time. 

To get your old error template back, simply add the customErrorTemplate setting in your /config/ColdBox.cfc like so:

coldbox = {
	customErrorTemplate = "/coldbox/system/includes/BugReport.cfm"
};

Note: you can point to any valid .cfm file with this setting.  Feel free to create your own themed error template that matches your site's layout.  Just remember, this is not a view-- just a stand-alone .cfm file that can only access the variables.exception object.

An Even Better Way

We don't recommend just changing the setting like that because you're likely to forget and put yourself back at square 1 again when you push your code to production.  What's best is to leave the production error template to a 'secure' one and add a development override that only uses the public template on your development servers.  

coldbox = {
	customErrorTemplate = "/includes/myCustomPrettyErrorPage.cfm"
};

environments = {
	development = "localhost"
};

function development(){
	coldbox.customErrorTemplate = "/coldbox/system/includes/BugReport.cfm";
};

Now, your default production setting is your custom pretty error page, but on your dev server you get the juicy details.  Make sure you've also configured some LogBox logging on production so you have some way to get your error messages!

Read more about ColdBox 4 compatibility here:

http://wiki.coldbox.org/wiki/Compatibility:4.0.0.cfm

Install ColdBox 4.0 with CommandBox today with this simple command:

CommandBox> install coldbox

Add Your Comment

Recent Entries

ContentBox v6.1 Released

ContentBox v6.1 Released

In this release, we're thrilled to unveil a series of significant enhancements and upgrades to ContentBox designed to elevate your experience and considerably improve system performance. Our team has focused on integrating the latest CommandBox migrations and ColdBox Core, which ensures that the core system continues to operate with maximum efficiency and stability. This upgrade is part of our ongoing commitment to maintaining a cutting-edge platform that meets the evolving needs of our users.

Luis Majano
Luis Majano
March 19, 2025
Introducing BoxLang Gen AI: A Unified API for Large Language Models

Introducing BoxLang Gen AI: A Unified API for Large Language Models

We are thrilled to introduce BoxLang Gen AI, a powerful and intuitive module that brings seamless AI generation capabilities to your BoxLang applications. With a fluent, functional API, this module allows developers to interact with multiple AI providers in a consistent and abstracted manner.

Luis Majano
Luis Majano
March 18, 2025