casperisfine
commented
1 year ago @colinbendell you didn't address my comment...
Closed colinbendell closed 1 year ago
casperisfine
commented
1 year ago @colinbendell you didn't address my comment...
colinbendell
commented
1 year ago Sorry! Missed this.
While you are strictly correct that a shortened INM will match an etag, the reality is that the etag we generate are 128bit hashes. For this reason I think practically speaking being more strict on the matches won’t yield any real benefits. If a fraudulent INM is sent with a truncated etag value, this might cause a 304, but this is a client misconfiguration issue and won’t reveal any untoward information.
On Thu, Mar 23, 2023 at 18:39 Jean byroot Boussier @.***> wrote:
@colinbendell https://github.com/colinbendell you didn't address my comment...
— Reply to this email directly, view it on GitHub https://github.com/Shopify/response_bank/pull/65#issuecomment-1482005644, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAMMERKLVBCKUUDREOIWJQDW5TGKHANCNFSM6AAAAAAWDHFPJA . You are receiving this because you were mentioned.Message ID: @.***>
casperisfine
commented
1 year ago I fixed it anyway: https://github.com/Shopify/response_bank/pull/66
HTTP Requests with If-None-Match should support quoted, weak and arrays of entity tags. This PR enables a more generous match for eTags to increase 304 responses.
Specifically, given an
etag: abc123value, the followingif-none-matchrequests should yield a 304:if-none-match: abc123if-none-match: "abc123"if-none-match: W/"abc123"if-none-match: "abc123", "def456"