Description
Markus Malkusch opened SPR-11324 and commented
HTTP 1.1. recommends to send both ETag and Last-Modified header:
the preferred behavior for an HTTP/1.1 origin server is to send both a strong entity tag and a Last-Modified value. [..] If both an entity tag and a Last-Modified value have been provided by the origin server, [clients] SHOULD use both validators in cache-conditional requests. [..] upon receiving a conditional request that includes both [..] [server] MUST NOT return a response status of 304 (Not Modified) unless doing so is consistent with all of the conditional header fields in the request.
Spring's ServletWebRequest seems to be designed for an isolated use of one of them, but not both. If an application wants to implement validation for both the first checkNotModified() call has more significance. This is in particular relevant if the first sets the state to notModified. The next call has no more effect:
Here is a further test case for ServletWebRequestTests which demonstrates the issue:
@Test
public void checkNotModifiedETagAndTimeStamp() {
String currentETag = "\"Foo\"";
String oldEtag = "Bar";
servletRequest.setMethod("GET"); // Also for HEAD
servletRequest.addHeader("If-None-Match", oldEtag );
long currentTime = new Date().getTime();
servletRequest.setMethod("GET"); // Also for HEAD
servletRequest.addHeader("If-Modified-Since", currentTime);
request.checkNotModified(currentTime);
request.checkNotModified(currentETag);
assertEquals(200, servletResponse.getStatus());
assertEquals(currentETag, servletResponse.getHeader("ETag"));
}
Affects: 4.0 GA
Reference URL: http://www.w3.org/Protocols/rfc2616/rfc2616-sec13.html#sec13.3.4
This issue is a sub-task of #16413
Issue Links:
- Add support for public/private Cache-Control HTTP header [SPR-7129] #11789 Add support for public/private Cache-Control HTTP header
Referenced from: commits 0175068, 953608e
0 votes, 7 watchers