You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by GitBox <gi...@apache.org> on 2020/07/31 11:22:32 UTC

[GitHub] [tomcat] stokito commented on a change in pull request #325: BZ 64265 Fix and simplify weak ETag matching

stokito commented on a change in pull request #325:
URL: https://github.com/apache/tomcat/pull/325#discussion_r463554358



##########
File path: java/org/apache/catalina/servlets/DefaultServlet.java
##########
@@ -2611,6 +2574,44 @@ private PrecompressedResource(WebResource resource, CompressionFormat format) {
         }
     }
 
+    /**
+     * RFC 7232 requires weak comparison for If-None-Match
+     */
+    private boolean matchByEtagWeak(String headerValue, String eTag) {
+        // Match W/"1" and W/"1"
+        if (headerValue.contains(eTag)) {
+            return true;
+        }
+        // Match W/"1" and "1"
+        String resourceEtag = weakEtagToStrong(eTag);
+        if (headerValue.contains(resourceEtag)) {
+            return true;
+        }
+        // asterisk checked last as rarely used
+        return headerValue.equals("*");
+    }
+
+    /**
+     * RFC 7232 requires strong comparison for If-Match
+     */
+    private boolean matchByEtagStrong(String headerValue, String eTag) {
+        // BZ 64265: Default servlet uses weak matching so we strip any leading "W/" and
+        // then compare using equals
+        String resourceEtag = weakEtagToStrong(eTag);
+        StringTokenizer commaTokenizer = new StringTokenizer(headerValue, ",");

Review comment:
       yes, because contains() can't be used for the strict comparison. We can do a similar custom function (i.e. without creation of heavy StringTokenizer) but TBH the `If-Match` is used rarely and as far I understood it was intended for WebDav's PUT requests.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org