diff options
author | Thomas Lange <code@nerdmind.de> | 2021-08-04 15:53:38 +0200 |
---|---|---|
committer | Thomas Lange <code@nerdmind.de> | 2021-08-04 16:16:14 +0200 |
commit | d677315331796d52bd1bcf5908964a53958469d6 (patch) | |
tree | 49eafe77c4d706b3f77e776efab6c67f99ebde9a /core | |
parent | b73a4dd4958a7c5d507179fdd291a80d1382b743 (diff) | |
download | blog-d677315331796d52bd1bcf5908964a53958469d6.tar.gz blog-d677315331796d52bd1bcf5908964a53958469d6.tar.xz blog-d677315331796d52bd1bcf5908964a53958469d6.zip |
Use "strpos" to validate "If-None-Match" header
Remove those "trim" calls and use "strpos" to check if the ETag value
generated by the system is contained somewhere in the "If-None-Match"
request header sent by the client (if present).
With this commit, the ETag header validation now also works with nginx.
The nginx web server prefixes the "ETag" header generated by the system
with the string "W/" which caused the previous validation code to fail.
Instead of using multiple "trim" calls or "preg_replace", we now use a
single, simple and fast "strpos" call to check if the system generated
Etag hash value is contained in the "If-None-Match" request header.
Diffstat (limited to 'core')
-rw-r--r-- | core/application.php | 19 |
1 files changed, 5 insertions, 14 deletions
diff --git a/core/application.php b/core/application.php index a907a27..8d0b8a3 100644 --- a/core/application.php +++ b/core/application.php @@ -181,26 +181,17 @@ if(Application::get('CORE.SEND_304') AND !defined('ADMINISTRATION')) { #=========================================================================== # Define HTTP ETag header identifier #=========================================================================== - $HTTP_ETAG_IDENTIFIER = md5(implode($Statement->fetch())); + $etag = md5(implode($Statement->fetch())); #=========================================================================== # Send ETag header within the HTTP response #=========================================================================== - HTTP::responseHeader(HTTP::HEADER_ETAG, "\"{$HTTP_ETAG_IDENTIFIER}\""); + HTTP::responseHeader(HTTP::HEADER_ETAG, "\"{$etag}\""); #=========================================================================== - # Validate ETag header from the HTTP request + # Return "304 Not Modified" if the clients ETag value matches #=========================================================================== - if(isset($_SERVER['HTTP_IF_NONE_MATCH'])) { - $HTTP_IF_NONE_MATCH = $_SERVER['HTTP_IF_NONE_MATCH']; - $HTTP_IF_NONE_MATCH = trim($HTTP_IF_NONE_MATCH, '"'); - - # If the server adds the extensions to the response header - $HTTP_IF_NONE_MATCH = rtrim($HTTP_IF_NONE_MATCH, '-br'); - $HTTP_IF_NONE_MATCH = rtrim($HTTP_IF_NONE_MATCH, '-gzip'); - - if($HTTP_IF_NONE_MATCH === $HTTP_ETAG_IDENTIFIER) { - Application::exit(NULL, 304); - } + if(strpos($_SERVER['HTTP_IF_NONE_MATCH'] ?? '', $etag) !== FALSE) { + Application::exit(NULL, 304); } } |