fix: serve() 304 with body; etag log spam before condition#12
Draft
troglodyne-bot wants to merge 1 commit into
Draft
fix: serve() 304 with body; etag log spam before condition#12troglodyne-bot wants to merge 1 commit into
troglodyne-bot wants to merge 1 commit into
Conversation
RFC 7232 §4.1 prohibits message bodies in 304 responses. serve() was opening and returning the file regardless of whether $code was 304. Added early return after the mtime/last_fetch check to skip the open() entirely for 304 responses — no body, no Content-Length, no Content-Encoding. _app() logged "METHOD 304 path" unconditionally when If-None-Match was present, before checking whether the ETag actually matched. Every request carrying If-None-Match appeared as a 304 in logs even when a full 200 was served. Moved the INFO call inside the matching branch. Also changed the ETag 304 body from [''] to [] for consistency with the serve() fix. Adds t/09_serve_304_etag.t (7 subtests) and t/lib/TPSGITestStubs.pm. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Two protocol and logging correctness fixes in
TPSGI.pm.Why
Bug 1 — RFC 7232 §4.1 violation:
serve()computed a 304 status whenIf-Modified-Sinceindicated the file hadn't changed, but then opened the file and returned it as the body anyway. Clients following the spec stall or double-count content; caches and CDNs can misbehave.Bug 2 — ETag log spam:
_app()logged"METHOD 304 path"unconditionally wheneverIf-None-Matchwas present in the request — before checking whether the ETag actually matched. Every request carrying that header appeared as a 304 in logs even when a full 200 response was sent. fail2ban matching on 304 patterns would produce false positives.How
serve(): earlyreturn [ 304, \@headers, [] ]after mtime/last_fetch comparison. Skipsopen(), gzip, and body construction for 304. Headers (Last-Modified, Vary, Content-Type, Cache-Control, Accept-Ranges) still present per RFC 7232._app()etag block: movedINFOcall inside the matching branch. Non-matching ETags no longer generate false 304 log entries.['']to[]for consistency.Testing
7 subtests in
t/09_serve_304_etag.t: