Re: [tomcat] branch master updated: Improve entity tag handling

Tue, 11 Aug 2020 10:06:44 -0700 

Am 2020-08-11 um 18:53 schrieb Mark Thomas:

On 11/08/2020 17:29, Michael Osipov wrote:

Am 2020-08-11 um 16:52 schrieb ma...@apache.org:


<snip/>


commit bef507e1b7ac2eb0ff012d0d40035e218a5839cc
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Tue Aug 11 15:27:45 2020 +0100

      Improve entity tag handling


<snip/>


@@ -279,6 +280,8 @@ public class DefaultServlet extends HttpServlet {
        */
       private boolean allowPartialPut = true;
   +    protected boolean useWeakComparisonWithIfMatch = true;


I really must object this. It clearly violates RFC 7232, section 3.1:


Prior to this commit the code did not use a strong comparison for
If-Match contrary to the requirements of RFC 7232.

This commit does not change this behaviour (by default)

This commit adds an option so that RFC 7232 compliant behaviour can be
enabled by those who want it without breaking backwards compatibility
for any users that are reliant on the current, non-compliant behaviour.


    An origin server MUST use the strong comparison function when
    comparing entity-tags for If-Match...


Even an option for this is wrong. I agree that we cannto produce strong
ETags by default, but it is now better decoupled and a subclass can
handle this. Please retain the semantics as described in RFC 7232.


It isn't possible to retain the semantics of RFC 7232 because Tomcat
prior to this commit did not implement them.

If you look at the code prior to this commit, any "W/" was stripped from
the resource ETag and the ETag values in the If-Match header before
comparison. The result of doing that is that the comparison is
effectively a weak one rather than a strong one.

The option is required to preserve backwards compatibility.



Granted. This ultimately means that Tomcat 10 should remove this cruft 
and be RFC-compliant. For previous versions a comment about behavioral 
change/deprecation should be added too.


Can we agree on this?


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org























					Reply via email to