Fix #8897 Ignore conditional headers as per RFC7232 #8899
Conversation
Ignore date based headers if etag ones are present. Also avoid parsing dates unless necessary. Signed-off-by: Greg Wilkins <[email protected]>
| @@ -604,10 +604,14 @@ protected boolean passConditionalHeaders(HttpServletRequest request, HttpServlet | |||
| } | |||
|
|
|||
| // Parse the if[un]modified dates and compare to resource | |||
| if (ifums != -1 && content.getResource().lastModified() / 1000 > ifums / 1000) | |||
| if (ifums != null && ifm == null) | |||
There was a problem hiding this comment.
Since this is the ResourceService (handling only GET and HEAD), the If-Unmodified-* headers are never going to be seen here.
There was a problem hiding this comment.
Is it "never" or just very VERY rarely?
I'm inclined to leave support in for 10/11 and remove support in 12.
There was a problem hiding this comment.
Prior to RFC9110, the If-Unmodified-Since header was for unsafe methods (like POST) and had no meaning for safe methods (like GET).
But now https://www.rfc-editor.org/rfc/rfc9110#name-if-unmodified-since says ..
A client MAY send an If-Unmodified-Since header field in a GET request to indicate that it would prefer a 412 (Precondition Failed) response if the selected representation has been modified. However, this is only useful in range requests (Section 14) for completing a previously received partial representation when there is no desire for a new representation. If-Range (Section 13.1.5) is better suited for range requests when the client prefers to receive a new representation.
So I'm actually thinking we should instead add back support in Jetty 12.
jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java
Show resolved
Hide resolved
| @@ -595,7 +595,7 @@ protected boolean passConditionalHeaders(HttpServletRequest request, HttpServlet | |||
| return false; | |||
| } | |||
|
|
|||
| long ifmsl = request.getDateHeader(HttpHeader.IF_MODIFIED_SINCE.asString()); | |||
| long ifmsl = DateParser.parseDate(ifms); | |||
| if (ifmsl != -1 && content.getResource().lastModified() / 1000 <= ifmsl / 1000) | |||
There was a problem hiding this comment.
Per https://www.rfc-editor.org/rfc/rfc9110#section-13.1.3-7
A recipient MUST ignore the If-Modified-Since header field if the resource does not have a modification date available.
The value of content.getResource().lastModified() should be checked to know if the resource has a modification date and skip this check if it has no modification date.
jetty-server/src/main/java/org/eclipse/jetty/server/ResourceService.java
Show resolved
Hide resolved
Check a resource has a lastModified date Signed-off-by: Greg Wilkins <[email protected]>
Ignore date based headers if etag ones are present. Also avoid parsing dates unless necessary.
Signed-off-by: Greg Wilkins [email protected]