diff options
author | Jeremy Daer <jeremydaer@gmail.com> | 2016-03-31 17:47:00 -0700 |
---|---|---|
committer | Jeremy Daer <jeremydaer@gmail.com> | 2016-03-31 18:15:32 -0700 |
commit | c1c9c690401bff43b350241cb58b6017ca5fe632 (patch) | |
tree | 872aefa9209475c9939c1ab219e0709b51358453 /actionpack/lib/action_controller/metal/request_forgery_protection.rb | |
parent | a26a3a075637215c9028308436ca89cba8da2ed5 (diff) | |
download | rails-c1c9c690401bff43b350241cb58b6017ca5fe632.tar.gz rails-c1c9c690401bff43b350241cb58b6017ca5fe632.tar.bz2 rails-c1c9c690401bff43b350241cb58b6017ca5fe632.zip |
Strong ETag validators
* Introduce `Response#strong_etag=` and `#weak_etag=` and analogous options
for `fresh_when` and `stale?`. `Response#etag=` sets a weak ETag.
Strong ETags are desirable when you're serving byte-for-byte identical
responses that support Range requests, like PDFs or videos (typically
done by reproxying the response from a backend storage service).
Also desirable when fronted by some CDNs that support strong ETags
only, like Akamai.
* No longer strips quotes (`"`) from ETag values before comparing them.
Quotes are significant, part of the ETag. A quoted ETag and an unquoted
one are not the same entity.
* Support `If-None-Match: *`. Rarely useful for GET requests; meant
to provide some optimistic concurrency control for PUT requests.
Diffstat (limited to 'actionpack/lib/action_controller/metal/request_forgery_protection.rb')
0 files changed, 0 insertions, 0 deletions