schedule.xml / HTTP ETag
Context
The 37C3 Schedule app for Android fetches schedule data from https://fahrplan.events.ccc.de/congress/2023/fahrplan/schedule.xml.
That worked great during the Congress!
The app passes the HTTP ETag value in each request which it found in the last response.
Expected
- An HTTP 200 status code is returned if the schedule data changed.
- An HTTP 304 status code is returned if the schedule data did not change.
- An ETag is returned in each response.
Observed
- An HTTP 200 status code is returned every time for the Android app.
- I can't tell for sure if this was the same during the Congress.
- I cannot see an ETag being returned for the HTTP client of the Android app.

```
okhttp.OkHttpClient I <-- 200 https://fahrplan.events.ccc.de/congress/2023/fahrplan/schedule.xml (135ms)
I server: nginx
I date: Fri, 12 Jan 2024 20:41:54 GMT
I content-type: text/xml; charset=utf-8
I alt-svc: h3=":443"; ma=2592000
I content-encoding: gzip
I content-language: en
I cross-origin-opener-policy: same-origin
I last-modified: 2024-01-12T20:37:20.566281+00:00
I referrer-policy: strict-origin
I vary: Accept-Encoding
I vary: Accept-Language, Authorization, Cookie
I x-content-type-options: nosniff
I x-frame-options: SAMEORIGIN
I x-xss-protection: 1; mode=block
I strict-transport-security: max-age=63072000
I x-frame-options: sameorigin
I x-content-type-options: nosniff
I x-xss-protection: 1; mode=block
```

- I can see an ETag being returned for this curl command.

```
$ curl -I -H "If-None-Match: " https://fahrplan.events.ccc.de/congress/2023/fahrplan/schedule.xml /dev/null 2>&1
HTTP/2 200
server: nginx
date: Fri, 12 Jan 2024 20:34:34 GMT
content-type: text/xml; charset=utf-8
content-length: 997292
vary: Accept-Encoding
alt-svc: h3=":443"; ma=2592000
content-language: en
cross-origin-opener-policy: same-origin
etag: EblqrvX
last-modified: 2024-01-12T20:00:19.995564+00:00
referrer-policy: strict-origin
vary: Accept-Encoding
vary: Accept-Language, Authorization, Cookie
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
strict-transport-security: max-age=63072000
x-frame-options: sameorigin
x-content-type-options: nosniff
x-xss-protection: 1; mode=block
```
Has the server been changed after the Congress?
Edited by tbsprs
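An added example, not part of the original report or of the app's code: a small check that runs over the two header captures above, tests the validators against the RFC 9110 grammar, and lists which headers appear in only one of the two responses. The function names and finding labels are made up for this example, and the embedded captures are trimmed copies of the ones in the report.

```python
import re

# Headers copied from the two captures in the report (security headers left out).
OKHTTP_CAPTURE = """\
content-type: text/xml; charset=utf-8
content-encoding: gzip
last-modified: 2024-01-12T20:37:20.566281+00:00
vary: Accept-Encoding
"""
CURL_CAPTURE = """\
content-type: text/xml; charset=utf-8
content-length: 997292
etag: EblqrvX
last-modified: 2024-01-12T20:00:19.995564+00:00
vary: Accept-Encoding
"""

# RFC 9110: entity-tag = [ "W/" ] DQUOTE *etagc DQUOTE
ENTITY_TAG = re.compile(r'^(W/)?"[\x21\x23-\x7e\x80-\xff]*"$')
# RFC 9110 preferred HTTP-date form, e.g. "Fri, 12 Jan 2024 20:41:54 GMT"
IMF_FIXDATE = re.compile(
    r"^(Mon|Tue|Wed|Thu|Fri|Sat|Sun), \d{2} "
    r"(Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) \d{4} \d{2}:\d{2}:\d{2} GMT$"
)

def parse_headers(dump):
    """Turn 'name: value' lines into {lower-cased name: [values]}."""
    headers = {}
    for line in dump.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def validator_findings(headers):
    """List what stops a client from revalidating with this response."""
    findings = []
    etags = headers.get("etag", [])
    if not etags:
        findings.append("no-etag")
    elif not all(ENTITY_TAG.match(tag) for tag in etags):
        findings.append("etag-malformed")
    if not all(IMF_FIXDATE.match(v) for v in headers.get("last-modified", [])):
        findings.append("last-modified-not-http-date")
    return findings

def only_in_one(a, b):
    """Header names present in exactly one of the two responses."""
    return sorted(set(a) ^ set(b))
```

On the two captures, the headers that differ are `content-encoding`, `content-length` and `etag`, so the compressed and uncompressed responses are the ones to compare on the server side.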