https://bz.apache.org/bugzilla/show_bug.cgi?id=64265
Bug ID: 64265 Summary: ETag comparison does not properly implement RFC 7232, section 2.3.2 Product: Tomcat 8 Version: 8.5.x-trunk Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Catalina Assignee: dev@tomcat.apache.org Reporter: micha...@apache.org Target Milestone: ---- The mentioned section provides two types of comparisons, strong and weak. Here are the issues: * It is not properly documented which comparison functions is applied by the DefaultServlet * I believe that Tomcat implements either wrong. Here is the code in question: > while (!conditionSatisfied && commaTokenizer.hasMoreTokens()) { > String currentToken = commaTokenizer.nextToken(); > if (currentToken.trim().equals(eTag)) > conditionSatisfied = true; > } This means that Tomcat performs char-by-char comparison. This already contradicts both functions (likely). A simple example: $ curl "https://.../test/test.txt" -I > HTTP/1.1 200 > Accept-Ranges: bytes > ETag: W/"6-1585143822000" > Last-Modified: Wed, 25 Mar 2020 13:43:42 GMT > Content-Type: text/plain > Content-Length: 6 > Date: Wed, 25 Mar 2020 13:55:50 GMT Tomcat returns a weak etag, so try the weak function: > $ curl "https://.../test/test.txt" -H 'If-None-Match: W/"6-1585143822000"' -I > HTTP/1.1 304 > ETag: W/"6-1585143822000" > Date: Wed, 25 Mar 2020 13:58:01 GMT This one should match with weak: > $ curl "https://.../test/test.txt" -H 'If-None-Match: "6-1585143822000"' -I > HTTP/1.1 200 > Accept-Ranges: bytes > ETag: W/"6-1585143822000" > Last-Modified: Wed, 25 Mar 2020 13:43:42 GMT > Content-Type: text/plain > Content-Length: 6 > Date: Wed, 25 Mar 2020 13:58:28 GMT but it doesn't. It still returns 200. If I try strong logically, the following should give me a 200: > $ curl "https://.../test/test.txt" -H 'If-None-Match: W/"6-1585143822000"' -I > HTTP/1.1 304 > ETag: W/"6-1585143822000" > Date: Wed, 25 Mar 2020 13:59:24 GMT but it doesn't. It still returns 304. Am I wrong here? -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org