Opened 7 years ago

Closed 5 years ago

#29241 closed Bug (wontfix)

ConditionalGetMiddleware and x-sendfile

Reported by: TZanke Owned by: nobody
Component: Core (Cache system) Version: 1.11
Severity: Normal Keywords: sendfile
Cc: Triage Stage: Accepted
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description (last modified by Tim Graham)

We found a issue with ConditionalGetMiddleware in combination with apache x-sendfile (django-sendfile) and Django 1.11

In Django 1.10 we just use Last-Modified, which works fine. Now with Django 1.11 each response gets a ETag generated based on response.content. In the case of a x-sendfile response, the response.content is an empty string. So each time the file is accessed, the ETag generated by ConditionalGetMiddleware is the same. Regardless of the changed file/changed mtime.

So now the request has our Last-Modified header AND the Middleware generated ETag.
In get_conditional_response the ETag, which is always the same hash of empty string, is checked first and returns a 304. BUT the Last-Modification has changed and is ignored.

This looks like two bugs for me. First the ETag of the empty content string from x-sendfile respose. Second returning a 304 if ETag is the same but Last-Modified has changed.

Change History (6)

comment:1 by Tim Graham, 7 years ago

Description: modified (diff)

If there are two bugs, there should be two tickets. Will you offer some fixes?

comment:2 by Tim Graham, 7 years ago

Triage Stage: UnreviewedAccepted

comment:3 by Windson yang, 7 years ago

I can try to fix it. But it may take one week for me.

comment:4 by Flavio Curella, 5 years ago

I've created a ticket for the 304 issue: https://code.djangoproject.com/ticket/30812#ticket

comment:5 by Claude Paroz, 5 years ago

Now that #30812 is fixed, I think this should be closed, as the behavior of returning a 304 if ETag is the same but Last-Modified has changed is conforming to the specs.
See https://tools.ietf.org/html/rfc7232#section-6, entity tags are presumed to be more accurate than date validators.

comment:6 by Mariusz Felisiak, 5 years ago

Resolution: wontfix
Status: newclosed

Agreed, current behavior is RFC7232 compliant.

Note: See TracTickets for help on using tickets.
Back to Top