pages-server/server
Peter Gerber bc9111a05f Use correct timestamp format for Last-Modified header (#365)
HTTP uses GMT [1,2] rather than UTC as timezone for timestamps. However,
the Last-Modified header used UTC which confused at least wget.

Before, UTC was used:

$ wget --no-check-certificate -S --spider https://cb_pages_tests.localhost.mock.directory:4430/images/827679288a.jpg
...
  Last-Modified: Sun, 11 Sep 2022 08:37:42 UTC
...
Last-modified header invalid -- time-stamp ignored.
...

After, GMT is used:

$ wget --no-check-certificate -S --spider https://cb_pages_tests.localhost.mock.directory:4430/images/827679288a.jpg
...
  Last-Modified: Sun, 11 Sep 2022 08:37:42 GMT
...
(no last-modified-header-invalid warning)

[1]: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Last-Modified
[2]: https://www.rfc-editor.org/rfc/rfc9110#name-date-time-formats

Fixes #364

---

Whatt I noticed is that the If-Modified-Since header isn't accepted (neither with GMT nor with UTC):

```
$ wget --header "If-Modified-Since: Sun, 11 Sep 2022 08:37:42 GMT" --no-check-certificate -S --spider https://cb_pages_tests.localhost.mock.directory:4430/images/827679288a.jpg
Spider mode enabled. Check if remote file exists.
--2024-07-15 23:31:41--  https://cb_pages_tests.localhost.mock.directory:4430/images/827679288a.jpg
Resolving cb_pages_tests.localhost.mock.directory (cb_pages_tests.localhost.mock.directory)... 127.0.0.1
Connecting to cb_pages_tests.localhost.mock.directory (cb_pages_tests.localhost.mock.directory)|127.0.0.1|:4430... connected.
WARNING: The certificate of ‘cb_pages_tests.localhost.mock.directory’ is not trusted.
WARNING: The certificate of ‘cb_pages_tests.localhost.mock.directory’ doesn't have a known issuer.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  Allow: GET, HEAD, OPTIONS
  Cache-Control: public, max-age=600
  Content-Length: 124635
  Content-Type: image/jpeg
  Etag: "073af1960852e2a4ef446202c7974768b9881814"
  Last-Modified: Sun, 11 Sep 2022 08:37:42 GMT
  Referrer-Policy: strict-origin-when-cross-origin
  Server: pages-server
  Strict-Transport-Security: max-age=63072000; includeSubdomains; preload
  Date: Mon, 15 Jul 2024 21:31:42 GMT
Length: 124635 (122K) [image/jpeg]
Remote file exists
```

I would have expected a 304 (Not Modified) rather than a 200 (OK). I assume this is simply not supported and on production 304 is returned by a caching proxy in front of pages-server.

Reviewed-on: https://codeberg.org/Codeberg/pages-server/pulls/365
Reviewed-by: crapStone <codeberg@crapstone.dev>
Co-authored-by: Peter Gerber <peter@arbitrary.ch>
Co-committed-by: Peter Gerber <peter@arbitrary.ch>
2024-07-23 18:42:24 +00:00
..
acme Add option to disable DNS ACME provider (#290) 2024-04-18 17:05:20 +00:00
cache Add config file and rework cli parsing and passing of config values (#263) 2024-02-15 16:08:29 +00:00
certificates Use hashicorp's LRU cache for DNS & certificates (#315) 2024-05-26 20:05:46 +00:00
context Security Fix: clean paths correctly to avoid circumvention of BlacklistedPaths 2023-08-27 10:13:15 +02:00
database Add option to disable DNS ACME provider (#290) 2024-04-18 17:05:20 +00:00
dns Use hashicorp's LRU cache for DNS & certificates (#315) 2024-05-26 20:05:46 +00:00
gitea Rename gitea to forge in cli args and env variables (#339) 2024-05-26 14:45:03 +00:00
handler Use hashicorp's LRU cache for DNS & certificates (#315) 2024-05-26 20:05:46 +00:00
upstream Use correct timestamp format for Last-Modified header (#365) 2024-07-23 18:42:24 +00:00
utils Security Fix: clean paths correctly to avoid circumvention of BlacklistedPaths 2023-08-27 10:13:15 +02:00
version Release via CI (#94) 2022-06-14 20:35:11 +02:00
profiling.go Add option to start http server for profiling (#323) 2024-04-30 19:50:03 +00:00
startup.go Use hashicorp's LRU cache for DNS & certificates (#315) 2024-05-26 20:05:46 +00:00