aboutsummaryrefslogtreecommitdiffstats
path: root/core
diff options
context:
space:
mode:
authorThomas Lange <code@nerdmind.de>2021-08-04 15:53:38 +0200
committerThomas Lange <code@nerdmind.de>2021-08-04 16:16:14 +0200
commitd677315331796d52bd1bcf5908964a53958469d6 (patch)
tree49eafe77c4d706b3f77e776efab6c67f99ebde9a /core
parentb73a4dd4958a7c5d507179fdd291a80d1382b743 (diff)
downloadblog-d677315331796d52bd1bcf5908964a53958469d6.tar.gz
blog-d677315331796d52bd1bcf5908964a53958469d6.tar.xz
blog-d677315331796d52bd1bcf5908964a53958469d6.zip
Use "strpos" to validate "If-None-Match" header
Remove those "trim" calls and use "strpos" to check if the ETag value generated by the system is contained somewhere in the "If-None-Match" request header sent by the client (if present). With this commit, the ETag header validation now also works with nginx. The nginx web server prefixes the "ETag" header generated by the system with the string "W/" which caused the previous validation code to fail. Instead of using multiple "trim" calls or "preg_replace", we now use a single, simple and fast "strpos" call to check if the system generated Etag hash value is contained in the "If-None-Match" request header.
Diffstat (limited to 'core')
-rw-r--r--core/application.php19
1 files changed, 5 insertions, 14 deletions
diff --git a/core/application.php b/core/application.php
index a907a27..8d0b8a3 100644
--- a/core/application.php
+++ b/core/application.php
@@ -181,26 +181,17 @@ if(Application::get('CORE.SEND_304') AND !defined('ADMINISTRATION')) {
#===========================================================================
# Define HTTP ETag header identifier
#===========================================================================
- $HTTP_ETAG_IDENTIFIER = md5(implode($Statement->fetch()));
+ $etag = md5(implode($Statement->fetch()));
#===========================================================================
# Send ETag header within the HTTP response
#===========================================================================
- HTTP::responseHeader(HTTP::HEADER_ETAG, "\"{$HTTP_ETAG_IDENTIFIER}\"");
+ HTTP::responseHeader(HTTP::HEADER_ETAG, "\"{$etag}\"");
#===========================================================================
- # Validate ETag header from the HTTP request
+ # Return "304 Not Modified" if the clients ETag value matches
#===========================================================================
- if(isset($_SERVER['HTTP_IF_NONE_MATCH'])) {
- $HTTP_IF_NONE_MATCH = $_SERVER['HTTP_IF_NONE_MATCH'];
- $HTTP_IF_NONE_MATCH = trim($HTTP_IF_NONE_MATCH, '"');
-
- # If the server adds the extensions to the response header
- $HTTP_IF_NONE_MATCH = rtrim($HTTP_IF_NONE_MATCH, '-br');
- $HTTP_IF_NONE_MATCH = rtrim($HTTP_IF_NONE_MATCH, '-gzip');
-
- if($HTTP_IF_NONE_MATCH === $HTTP_ETAG_IDENTIFIER) {
- Application::exit(NULL, 304);
- }
+ if(strpos($_SERVER['HTTP_IF_NONE_MATCH'] ?? '', $etag) !== FALSE) {
+ Application::exit(NULL, 304);
}
}