Feature #3233
limit repo server's ability to track clients
| Status: | Closed | Start date: | 04/08/2014 |
|---|---|---|---|
| Priority: | Normal | Due date: | |
| Assignee: | - | % Done: | 0% |
| Category: | - | | |
| Target version: | - | | |
| Component: | | | |
Description
// Get a remote file. Returns the HTTP response code.
// If 'etag' is not null, it's passed to the server as an If-None-Match
// header, in which case expect a 304 response if nothing changed.
// In the event of a 200 response ONLY, 'retag' (which should be passed
// empty) may contain an etag value for the response, or it may be left
// empty if none was available.
The problem: The server can send unique etags, and use them as a GUID replacement.
Proposed solution: Make a HEAD request first and compare the etag with the stored one. If it does not match, then send the GET request, but without the If-None-Match header. This gives the server only one try to guess the etag.
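The difference between the two flows, modelled in-process as an added example (not part of the original report and not F-Droid client code). `Server`, `conditional_get`, `head_first` and `run` are hypothetical names, and the index body and `id-N` ETags are constructed sample values.

```python
import hashlib
import itertools

INDEX = b"constructed repo index"  # constructed sample body

class Server:
    """In-process model of a repo server (hypothetical; no real sockets)."""
    def __init__(self, tracking):
        self.tracking = tracking
        self.ids = itertools.count(1)
        self.issued = set()
        self.seen = []  # ETags echoed back by clients: what the server can link

    def new_etag(self):
        if self.tracking:  # unique per response, so it works like a GUID
            return '"id-%d"' % next(self.ids)
        return '"%s"' % hashlib.sha256(INDEX).hexdigest()[:16]  # content-based

    def handle(self, method, headers):
        inm = headers.get("If-None-Match")
        if inm is not None:
            self.seen.append(inm)  # the client has just re-identified itself
            if inm in self.issued:
                return 304, {"ETag": inm}, b""
        tag = self.new_etag()
        self.issued.add(tag)
        return 200, {"ETag": tag}, (b"" if method == "HEAD" else INDEX)

def conditional_get(server, stored):
    """Behaviour in the quoted comment: stored ETag goes out as If-None-Match."""
    headers = {"If-None-Match": stored} if stored else {}
    status, resp, _ = server.handle("GET", headers)
    return (stored, False) if status == 304 else (resp["ETag"], True)

def head_first(server, stored):
    """Proposed flow: compare locally and never transmit the stored ETag."""
    _, resp, _ = server.handle("HEAD", {})
    if stored is not None and resp["ETag"] == stored:
        return stored, False  # unchanged, no GET needed
    _, resp, _ = server.handle("GET", {})  # no If-None-Match header
    return resp["ETag"], True

def run(client, tracking, rounds=3):
    """Return (ETags the server received, number of full downloads)."""
    server, stored, downloads = Server(tracking), None, 0
    for _ in range(rounds):
        stored, downloaded = client(server, stored)
        downloads += downloaded
    return server.seen, downloads
```

Against the tracking server, `run(conditional_get, True)` shows the same unique ETag returning on every later request, while `run(head_first, True)` leaves the server's `seen` list empty at the cost of a full download each round. Against a server with content-based ETags, `head_first` still downloads only once.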
History
#1 Updated by hans over 2 years ago
- Target version deleted (134)
#2 Updated by hans almost 2 years ago
- Status changed from New to Closed
moved to here:
https://gitlab.com/fdroid/fdroidclient/issues/562