Fix ETag handling for dynamic template responses #271
Conversation
This PR updates AsyncStaticWebHandler::handleRequest to correctly manage caching headers when template processing introduces dynamic content. The previous implementation always set ETag and Last-Modified headers based on the underlying filesystem metadata, which was misleading when templates generated non-static responses (e.g., current time). Issue ESP32Async#237 (ESP32Async#237) The new implementation: - Uses file-based ETag when .gz files or template callback is not present. - Ensures gzip files generate consistent ETag values using _getEtag. - For non-gzip files, generate ETag values using the timestamp or file size. - Returns 304 Not Modified only when If-None-Match matches the valid ETag. - Removed use of Variable Length Array and String, ensuring the same implementation works consistently on all platforms. This prevents browsers from incorrectly reusing cached content when template output is dynamic, ensuring correctness while still allowing efficient caching for static resources.
This comment was marked as outdated.
This comment was marked as outdated.
Sorry, something went wrong.
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
|
@JosePineiro @me-no-dev @willmmiles : FYI the previous behavior was using as an etag value the last modification time or file size to speed up file serving and avoid too many file reads, especially on concurrent requests. The drawback is that this is incorrect as per what an etag should be, and also incorrect in regard to the callback option (templating). This PR fixes that for gz file, keeps same behavior for non gz files and considers the callback value. That's a good fix + improvement, even if at the expense of more file reading for gz files. |
|
Thanks a lot @JosePineiro 👍 |
There was a problem hiding this comment.
Pull Request Overview
This PR fixes incorrect ETag handling in AsyncStaticWebHandler to properly manage caching for dynamic template responses. The previous implementation always generated ETags based on file metadata, causing browsers to incorrectly cache dynamic content when templates were used.
- Implements conditional ETag generation based on file type and template presence
- Updates gzip file handling to extract ETag from CRC trailer data
- Removes platform-specific Variable Length Array usage for better portability
Reviewed Changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| src/literals.h | Removes unused MJS file type constant and adds GZ_LEN constant for gzip file detection |
| src/WebHandlers.cpp | Refactors handleRequest method to conditionally generate ETags and properly handle caching for template responses |
| src/ESPAsyncWebServer.h | Adds AsyncStaticWebHandler as friend class to access private _getEtag method |
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
src/WebHandlers.cpp
Outdated
| response->addHeader(T_Cache_Control, T_no_cache, true); | ||
| } | ||
| else if (_cache_control.length()) { | ||
| response->addHeader(T_Cache_Control, _cache_control.c_str(), false); |
There was a problem hiding this comment.
[nitpick] The else-if condition creates an asymmetric caching behavior where files with ETags always get 'no-cache' directive, while files without ETags might get custom cache control. This logic should be clarified or the cache control handling should be more consistent.
| response->addHeader(T_Cache_Control, T_no_cache, true); | |
| } | |
| else if (_cache_control.length()) { | |
| response->addHeader(T_Cache_Control, _cache_control.c_str(), false); | |
| } | |
| if (_cache_control.length()) { | |
| response->addHeader(T_Cache_Control, _cache_control.c_str(), false); | |
| } else { | |
| response->addHeader(T_Cache_Control, T_no_cache, true); |
Copilot uses AI. Check for mistakes.
+1 for using internal checksums for GZ files. A future PR could maybe generalize this for other kinds of content with some I'm glad to see the handling of templated content is getting some attention too. The previous behaviour of treating it as static was definitely not ideal! I do have some concerns though:
I think what I'd ask for is:
|
|
@willmmiles |
|
@JosePineiro : I think we all agree Etags are better but Will mentioned a good point in the fact that a user could decide to control themselves their caching based on their own rules. And I can say that this is typically what was often happening when serving files because caching management in the lib is quite new. So instead of forcing Etags, a better approach could be to read the user request headers and answer appropriately according to the spec in the best way we can |
In funcion void AsyncStaticWebHandler::handleRequest(AsyncWebServerRequest *request) add Last-Modified header if no GZ file or have template processor. Sugeestion of @willmmiles
|
I think the ETag system used in this PR is ideal for files without templates or GZIP. I can't think of any circumstances where a user would be harmed, even if they use a different system. In template files, we can respect user input in a generic way. This way, the user would have the best of both worlds: an automatic ETagsystem when possible and a manual system controlled by the user in all other cases. Handling ETag and Last-Modified simultaneously complicates and slows down the code. It also leads to potential conflicts whose resolution can be very obscure for the user. If the current behavior doesn't seem right, please tell me what you think is the best options:
|
|
Re cache_control: The most critical use case for cache_control is if the user has set "max-age" with the intent to reduce the number of transactions on static content. I think this must continue to be respected for static content. For microcontrollers, re-validation is not always the best policy -- every transaction has a cost in CPU time and memory and can affect the performance of other tasks. I think this decision should be left in the hands of the application author. Or to put it another way: sometimes it is preferable to sacrifice correctness in rare cases (ie. the cache may become stale when you perform a firmware update) for performance in the common case (everyday UI access). So I think the logic should be: Re Does that make sense? |
|
I think I understand what you're saying. We would send to the browser: This way, the browser won't request the page for the next hour. If the etag remains, we will send: What to do if Cache-Control contains "no-store" or "immutable"? In both cases, an "ETag" is pointless, but sending it won't cause any problems. I still think that if we can use "ETag," we shouldn't send "Last-Modified". If we can't use "ETag," we should send "Last-Modified" if it's user-defined. Does this seem like an acceptable solution to you? |
You got it! :)
I think we can do better. If we send the user "last modified time" as the ETag, then we don't have to parse "If-Modified-Since". Since ETags have no particular required format, I believe we can get away with this simplification. So code like: char etag_buf[9];
char* etag = etag_buf;
const char* tempFileName = request->_tempFile.name();
const size_t lenFilename = strlen(tempFileName);
if (_last_modified.length()) {
etag = _last_modified.c_str();
} else if (lenFilename > T__GZ_LEN && memcmp(tempFileName + lenFilename - T__GZ_LEN, T__gz, T__GZ_LEN) == 0) {
...(above code is not const-correct, but conveys the idea, I hope) |
If the user has defined them, "Last-Modified" and "Cache-Control" are always sent.
|
@willmmiles Implemented as specified in RFC 7232, section 2.4:
In RFC 7232, section 3.3: Please note that "entity-tag" is ALWAYS sent when "Last-Modified" is sent. Note for @willmmiles: |
| } | ||
| } | ||
| // 2. Otherwise, if there is no ETag and no Template processor but we have Last-Modified and Last-Modified matches | ||
| else if (*etag == '\0' && _callback == nullptr && _last_modified.length() > 0 && ims && *ims && strcmp(ims, _last_modified.c_str()) == 0) { |
There was a problem hiding this comment.
We should respect _last_modified if the user has set it even if they're running the template processor. While this feature could be misused, it provides a mechanism to explicitly allow caching behaviour for templates if the user calls setLastModified() when the template variables are updated.
There was a problem hiding this comment.
Please see bug #237.
This PR attempts to fix that bug. The behavior you suggest is precisely what's causing problems for the user.
If you think the bug is incorrect, please let me know, and I'll discard this PR.
There was a problem hiding this comment.
The proposed code still fixes that bug. You have removed the call to setLastModified() in the generation path, so unless the user has explicitly called setLastModified(), no "Last-Modified" header will be produced in non-static cases. The default behaviour would be correct for #237, without defeating an advanced user's ability to enable caching based on external knowledge of template state.
src/WebHandlers.cpp
Outdated
| // Get raw header pointers to avoid creating temporary String objects | ||
| const char* inm = request->header(T_INM).c_str(); // If-None-Match | ||
| const char* ims = request->header(T_IMS).c_str(); // If-Modified-Since | ||
|
|
||
| AsyncWebServerResponse *response; | ||
| bool notModified = false; | ||
| // 1. If the client sent If-None-Match and we have an ETag → compare | ||
| if (*etag != '\0' && inm && *inm) { | ||
| if (strcmp(inm, etag) == 0) { | ||
| notModified = true; | ||
| } | ||
| } | ||
| // 2. Otherwise, if there is no ETag and no Template processor but we have Last-Modified and Last-Modified matches | ||
| else if (*etag == '\0' && _callback == nullptr && _last_modified.length() > 0 && ims && *ims && strcmp(ims, _last_modified.c_str()) == 0) { | ||
| log_d("_last_modified: %s", _last_modified.c_str()); | ||
| log_d("ims: %s", ims); | ||
| notModified = true; | ||
| } |
There was a problem hiding this comment.
You can use references to avoid the use of raw pointers, eg. const String& inm = request->header(T_INM); -- but I'm not sure even that is actually required here, since the String needs to be referenced only once in both conditionals. We can omit the length check on the header() result as a missing header will return a vaild but empty string.
Also the log_d call needs to be gated on ESP32.
bool notModified = false;
// 1. If the client sent If-None-Match and we have an ETag → compare
if (*etag != '\0' && request->header(T_INM) == etag) {
notModified = true;
}
// 2. Otherwise, if there is no ETag but we have Last-Modified and Last-Modified matches
else if (*etag == '\0' && _last_modified.length() > 0 && request->header(T_IMS) == _last_modified) {
#ifdef ESP32
log_d("_last_modified: %s", _last_modified.c_str());
#endif
notModified = true;
}| //File is a gz, get etag from CRC in trailer | ||
| if (!AsyncWebServerRequest::_getEtag(request->_tempFile, etag)) { | ||
| // File is corrupted or invalid | ||
| log_e("File is corrupted or invalid: %s", tempFileName); |
There was a problem hiding this comment.
ESP32 logging call must be #ifdef'd on ESP32.
| request->_tempFile.close(); | ||
| response = new AsyncBasicResponse(304); // Not modified | ||
| } else { | ||
| response = new AsyncFileResponse(request->_tempFile, filename, emptyString, false, _callback); | ||
| } | ||
| if (!response) { |
There was a problem hiding this comment.
There's a regression here -- this check must also applied to the AsyncBasicResponse above.
This PR updates AsyncStaticWebHandler::handleRequest to correctly manage caching headers when template processing introduces dynamic content. The previous implementation always set ETag and Last-Modified headers based on the underlying filesystem metadata, which was misleading when templates generated non-static responses (e.g., current time). Issue #237
The new implementation:
This prevents browsers from incorrectly reusing cached content when template output is dynamic, ensuring correctness while still allowing efficient caching for static resources.