On Sun, May 03, 2015 at 03:00:40PM +0000, Florian Obser wrote:
> On Sat, Apr 18, 2015 at 12:19:46PM -0500, jmp wrote:
> RFC 7232
>
> A recipient MUST ignore the If-Modified-Since header field if the
> received field-value is not a valid HTTP-date, or if the request
> method is neither GET nor HEAD.
> ^^^^^^^^^^^^^^^^^^^^
Does httpd allow any other types of requests through server_file.c? All
other types of requests should only get sent through the CGI scripts. It
doesn't make since to allow POST, PUT, etc.. through to the file
handler.
>
> > return (server_file_request(env, clt, path, &st));
> >
> > fail:
> > @@ -466,4 +471,24 @@ server_file_error(struct bufferevent *be
> > }
> > server_close(clt, "unknown event error");
> > return;
> > +}
> > +
> > +int
> > +server_file_modified_since(struct http_descriptor * desc, struct stat * st)
> > +{
> > + struct kv key, *since;
> > + struct tm tm;
> > +
> > + memset(&tm, 0, sizeof(struct tm));
> > +
> > + key.kv_key = "If-Modified-Since";
> > + if ((since = kv_find(&desc->http_headers, &key)) != NULL &&
> > + since->kv_value != NULL) {
> > + if (strptime(since->kv_value, "%a, %d %h %Y %T %Z", &tm) !=
> > NULL &&
> > + timeoff(&tm, 0L) >= st->st_mtim.tv_sec) {
> > + return 304;
> > + }
> > + }
>
> RFC 7231 defines 3 formats for HTTP-date and then goes on:
> A recipient that parses a timestamp value in an HTTP header field
> MUST accept all three HTTP-date formats.
>
> I think it's ok here to only parse one variation and ignore
> If-Modified-Since otherwise, we will just respond with a 200.
>
>From looking at Apache and nginx code, I wasn't able to see that they
used any other method. Like I said in my 'other' reply, we can always
extract this out to server_http since the Date header is created there.
