[PATCH] Not Modified: prefer entity tags over date validators

Piotr Sikora piotr at cloudflare.com
Sun Nov 23 11:40:43 UTC 2014


Hey Maxim,

> Sure.  We do adhere RFC2616 here.  The problem is that RFC7232 is
> different, and there are no known reasons why it should.

RFC7232 obsoletes RFC2616, so it should be pretty clear which one to
respect in places they differ.

> The same applies to RFC2616, but it mandates different behaviour.
> So what's the problem with checking both date and ETag?

Checking both validators can easily result in false-negatives, i.e. it
is possible to send legitimate conditional request that would pass
strong entity tags validation, but fail weak date validation, because
clients can send requests with "If-Modified-Since: date of the
response" that fails on the web servers using stricter than required
"exact" logic (i.e. nginx).

Checking only the strongest validator prevents this from happening.

Best regards,
Piotr Sikora



More information about the nginx-devel mailing list