Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/Rest/ConditionalHeaderUtil.php

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

178 lines
6 KiB
PHP
Raw Normal View History

Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
<?php
namespace MediaWiki\Rest;
use MediaWiki\Rest\HeaderParser\HttpDate;
use MediaWiki\Rest\HeaderParser\IfNoneMatch;
build: Upgrade mediawiki/mediawiki-phan-config from 0.13.0 to 0.14.0 manually * Switch out raw Exceptions, mostly for InvalidArgumentExceptions. * Fake exceptions triggered to give Monolog a backtrace are for some reason "traditionally" RuntimeExceptions, instead, so we continue to use that pattern in remaining locations. * Just entirely give up on PostgresResultWrapper's resource vs. object mess. * Drop now-unneeded false positive hits. Change-Id: Id183ab60994cd9c6dc80401d4ce4de0ddf2b3da0
2024-02-08 23:12:50 +00:00
use RuntimeException;
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
use Wikimedia\Timestamp\ConvertibleTimestamp;
class ConditionalHeaderUtil {
Rest: Add missing documentation to class properties Add doc-typehints to class properties found by the PropertyDocumentation sniff to improve the documentation. Once the sniff is enabled it avoids that new code is missing type declarations. This is focused on documentation and does not change code. Change-Id: Idf17719c875466810313f0fbbf16bc67f3e40059
2024-09-07 19:49:56 +00:00
/** @var bool */
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
private $varnishETagHack = true;
Rest: Add missing documentation to class properties Add doc-typehints to class properties found by the PropertyDocumentation sniff to improve the documentation. Once the sniff is enabled it avoids that new code is missing type declarations. This is focused on documentation and does not change code. Change-Id: Idf17719c875466810313f0fbbf16bc67f3e40059
2024-09-07 19:49:56 +00:00
/** @var string|null */
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
private $eTag;
Rest: Add missing documentation to class properties Add doc-typehints to class properties found by the PropertyDocumentation sniff to improve the documentation. Once the sniff is enabled it avoids that new code is missing type declarations. This is focused on documentation and does not change code. Change-Id: Idf17719c875466810313f0fbbf16bc67f3e40059
2024-09-07 19:49:56 +00:00
/** @var int|null */
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
private $lastModified;
Rest: Add missing documentation to class properties Add doc-typehints to class properties found by the PropertyDocumentation sniff to improve the documentation. Once the sniff is enabled it avoids that new code is missing type declarations. This is focused on documentation and does not change code. Change-Id: Idf17719c875466810313f0fbbf16bc67f3e40059
2024-09-07 19:49:56 +00:00
/** @var bool */
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
private $hasRepresentation;
/**
* Initialize the object with information about the requested resource.
*
* @param string|null $eTag The entity-tag (including quotes), or null if
* it is unknown.
* @param string|int|null $lastModified The Last-Modified date in a format
* accepted by ConvertibleTimestamp, or null if it is unknown.
* @param bool|null $hasRepresentation Whether the server has a current
* representation of the target resource. This should be true if the
* resource exists, and false if it does not exist. It is used for
* wildcard validators -- the intended use case is to abort a PUT if the
* resource does (or does not) exist. If null is passed, we assume that
* the resource exists if an ETag was specified for it.
*/
public function setValidators( $eTag, $lastModified, $hasRepresentation ) {
$this->eTag = $eTag;
if ( $lastModified === null ) {
$this->lastModified = null;
} else {
Add explicit casts between scalar types * Some functions accept only string, cast ints and floats to string * After preg_matches or explode() casts numbers to int to do maths * Cast unix timestamps to int to do maths * Cast return values from timestamp format function to int * Cast bitwise operator to bool when needed as bool * php internal functions like floor/round/ceil documented to return float, most cases the result is used as int, added casts Found by phan strict checks Change-Id: Icb2de32107f43817acc45fe296fb77acf65c1786
2022-02-26 16:28:48 +00:00
$this->lastModified = (int)ConvertibleTimestamp::convert( TS_UNIX, $lastModified );
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
}
Replace some tivial ??= with even more trivial ?? Patch Ifa7a9bc replaced some longer `=== null` constructs with the new ??= operator we have since PHP 7.4. However, some of these can be simplified even more with the ?? operator we have since PHP 7.0. Follow-Up: Ifa7a9bc7b2ec415ad7ecb23f4c1776f51f58fd6b Change-Id: I7b05e723810558bb5437adc97eab54ca04d38c06
2022-12-22 07:17:13 +00:00
$this->hasRepresentation = $hasRepresentation ?? ( $eTag !== null );
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
}
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
/**
* If the Varnish ETag hack is disabled by calling this method,
* strong ETag comparison will follow RFC 7232, rejecting all weak
* ETags for If-Match comparison.
*
* @param bool $hack
*/
public function setVarnishETagHack( $hack ) {
$this->varnishETagHack = $hack;
}
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
/**
* Check conditional request headers in the order required by RFC 7232 section 6.
*
* @param RequestInterface $request
* @return int|null The status code to immediately return, or null to
* continue processing the request.
*/
public function checkPreconditions( RequestInterface $request ) {
$parser = new IfNoneMatch;
if ( $this->eTag !== null ) {
$resourceTag = $parser->parseETag( $this->eTag );
if ( !$resourceTag ) {
build: Upgrade mediawiki/mediawiki-phan-config from 0.13.0 to 0.14.0 manually * Switch out raw Exceptions, mostly for InvalidArgumentExceptions. * Fake exceptions triggered to give Monolog a backtrace are for some reason "traditionally" RuntimeExceptions, instead, so we continue to use that pattern in remaining locations. * Just entirely give up on PostgresResultWrapper's resource vs. object mess. * Drop now-unneeded false positive hits. Change-Id: Id183ab60994cd9c6dc80401d4ce4de0ddf2b3da0
2024-02-08 23:12:50 +00:00
throw new RuntimeException( 'Invalid ETag returned by handler: `' .
Rest/HeaderParser: Give full context rather than simply `Expected """` Also make the error thrown by ConditionalHeaderUtil slightly more obvious where the upstream content ends and the context starts. Bug: T350852 Change-Id: Ia76c0974487f151c3ca37fba2c666143bd435843
2024-01-30 16:25:01 +00:00
$parser->getLastError() . '`' );
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
}
} else {
$resourceTag = null;
}
$getOrHead = in_array( $request->getMethod(), [ 'GET', 'HEAD' ] );
if ( $request->hasHeader( 'If-Match' ) ) {
$im = $request->getHeader( 'If-Match' );
$match = false;
foreach ( $parser->parseHeaderList( $im ) as $tag ) {
Rest: Reduce code duplication in ConditionalHeaderUtil Change-Id: Ie02976fee5a0e7846b81c2450313659a2538e482
2024-08-08 13:33:51 +00:00
if ( ( $tag['whole'] === '*' && $this->hasRepresentation ) ||
$this->strongCompare( $resourceTag, $tag )
) {
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
$match = true;
break;
}
}
if ( !$match ) {
return 412;
}
} elseif ( $request->hasHeader( 'If-Unmodified-Since' ) ) {
$requestDate = HttpDate::parse( $request->getHeader( 'If-Unmodified-Since' )[0] );
if ( $requestDate !== null
&& ( $this->lastModified === null || $this->lastModified > $requestDate )
) {
return 412;
}
}
if ( $request->hasHeader( 'If-None-Match' ) ) {
$inm = $request->getHeader( 'If-None-Match' );
foreach ( $parser->parseHeaderList( $inm ) as $tag ) {
Rest: Reduce code duplication in ConditionalHeaderUtil Change-Id: Ie02976fee5a0e7846b81c2450313659a2538e482
2024-08-08 13:33:51 +00:00
if ( ( $tag['whole'] === '*' && $this->hasRepresentation ) ||
$this->weakCompare( $resourceTag, $tag )
) {
ConditionalHeaderUtil: Handle `If-None-Match: *` The relevant section in the RFC says the following: > If the field-value is "*", the condition is false if the origin > server has a current representation for the target resource. > An origin server that evaluates an If-None-Match condition MUST NOT > perform the requested method if the condition evaluates to false; > instead, the origin server MUST respond with either a) the 304 (Not > Modified) status code if the request method is GET or HEAD or b) the > 412 (Precondition Failed) status code for all other request methods. https://httpwg.org/specs/rfc9110.html Bug: T319382 Change-Id: Ieb3269d61de42242602ec9c46e19c4f2c3b37f6e
2022-10-06 15:05:44 +00:00
return $getOrHead ? 304 : 412;
}
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
}
} elseif ( $getOrHead && $request->hasHeader( 'If-Modified-Since' ) ) {
$requestDate = HttpDate::parse( $request->getHeader( 'If-Modified-Since' )[0] );
if ( $requestDate !== null && $this->lastModified !== null
&& $this->lastModified <= $requestDate
) {
return 304;
}
}
// RFC 7232 states that If-Range should be evaluated here. However, the
// purpose of If-Range is to cause the Range request header to be
// conditionally ignored, not to immediately send a response, so it
// doesn't fit here. RFC 7232 only requires that If-Range be checked
// after the other conditional header fields, a requirement that is
// satisfied if it is processed in Handler::execute().
return null;
}
/**
* Set Last-Modified and ETag headers in the response according to the cached
* values set by setValidators(), which are also used for precondition checks.
*
* If the headers are already present in the response, the existing headers
* take precedence.
*
* @param ResponseInterface $response
*/
public function applyResponseHeaders( ResponseInterface $response ) {
if ( $this->lastModified !== null && !$response->hasHeader( 'Last-Modified' ) ) {
$response->setHeader( 'Last-Modified', HttpDate::format( $this->lastModified ) );
}
if ( $this->eTag !== null && !$response->hasHeader( 'ETag' ) ) {
$response->setHeader( 'ETag', $this->eTag );
}
}
/**
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
* The weak comparison function, per RFC 7232, section 2.3.2.
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
*
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
* @param array|null $resourceETag ETag generated by the handler, parsed tag info array
* @param array|null $headerETag ETag supplied by the client, parsed tag info array
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
* @return bool
*/
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
private function weakCompare( $resourceETag, $headerETag ) {
if ( $resourceETag === null || $headerETag === null ) {
Rest: Fix various scalar and null types Change-Id: Ifb9a0c8faf6be1d6247d610e9f32dbbb5e4d0acd
2022-03-09 19:29:02 +00:00
return false;
}
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
return $resourceETag['contents'] === $headerETag['contents'];
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
}
/**
* The strong comparison function
*
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
* A strong ETag returned by the server may have been "weakened" by Varnish when applying
* compression. So optionally ignore the weakness of the header.
* {@link https://varnish-cache.org/docs/6.0/users-guide/compression.html}.
* @see T238849 and T310710
*
* @param array|null $resourceETag ETag generated by the handler, parsed tag info array
* @param array|null $headerETag ETag supplied by the client, parsed tag info array
*
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
* @return bool
*/
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
private function strongCompare( $resourceETag, $headerETag ) {
if ( $resourceETag === null || $headerETag === null ) {
PHP 7.4 fixes All errors currently seen in Travis: * Function ReflectionType::__toString() is deprecated * Trying to access array offset on value of type null * Array and string offset access syntax with curly braces is deprecated Bug: T233012 Change-Id: I9619fcae5dd8b633f8c579b924aec311343da880
2019-11-22 08:00:47 +00:00
return false;
}
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
return !$resourceETag['weak']
&& ( $this->varnishETagHack || !$headerETag['weak'] )
&& $resourceETag['contents'] === $headerETag['contents'];
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
}
REST: Allow weak ETags to match strong ETags. This changes handling of the If-Match header so a weak ETag coming from the client may match a strong ETag generated by the handler. This is needed because ETags may get "weakened" on the way to the client by proxies and middleware, e.g. Varnish applying compression, see <https://varnish-cache.org/docs/6.0/users-guide/compression.html>. This behavior is technically a violation of RFC 7232 section 3.1, but it should actually be safe: A client sending a weak ETag is still ok with getting a strong match, and a handler that generates a strong ETag knows that it can rely on strong semantics holding, even if the tag sent by the client is weak. Bug: T310710 Bug: T238849 Change-Id: I2a604f2f46719a5f74ddac1b1fa58c8a36910240
2022-06-22 12:44:20 +00:00
Conditional request support * Added ConditionalHeaderUtil, a conditional request helper class meant for composition into Handler. I evaluated the composer package micheh/psr7-cache for this role but I decided that I prefer DIY code rather than some rather ugly glue. * Check conditional request headers prior to entry into Handler::execute(). Contrary to what was previously documented, use the results of getLastModified() and getETag() to set headers in the response. This is convenient and can be overridden in the Handler if desired by overriding a one-line function. * Instead of locking up header parsing inside ConditionalHeaderUtil as was done in micheh/psr7-cache, make a start on a new reusable header parsing framework, with recursive descent parsers for HTTP-date and IfNoneMatch. Change-Id: I260809081cad7701df8620ab03834158670d4230
2019-09-30 06:15:30 +00:00
}
Reference in a new issue Copy permalink