Uploaded image for project: 'Dev - Nexus Repo'
  1. Dev - Nexus Repo
  2. NEXUS-19941

npm proxy outbound requests can send an invalid If-None-Match header value causing cached metadata assets to be replaced

    XMLWordPrintable

    Details

      Description

      Create an npm proxy repository to https://registry.npmjs.org with a metadata and component max age set to 1 for testing purposes. ( The default values when creating a new repo are presently as of 3.16.1 is 1440 minutes. ).

      Set the org.apache.http logger to DEBUG

      Send a request into Nexus for a npm package metadata, for example:

      npm view --registry=http://locahost:8081/repository/npm-proxy/semver
      

      NXRM fetches the metadata without issue:

      2019-05-15 13:35:47,613-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: ignoreCookies
      2019-05-15 13:35:47,613-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
      2019-05-15 13:35:47,614-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://registry.npmjs.org:443
      2019-05-15 13:35:47,629-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to registry.npmjs.org/104.16.16.35:443
      2019-05-15 13:35:47,629-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to registry.npmjs.org/104.16.16.35:443 with timeout 20000
      2019-05-15 13:35:47,644-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
      2019-05-15 13:35:47,645-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
      2019-05-15 13:35:47,645-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
      2019-05-15 13:35:47,696-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
      2019-05-15 13:35:47,697-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
      2019-05-15 13:35:47,697-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      2019-05-15 13:35:47,697-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=ssl891738.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
      2019-05-15 13:35:47,698-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [ssl891738.cloudflaressl.com, *.npmjs.org, npmjs.org]
      2019-05-15 13:35:47,698-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
      2019-05-15 13:35:47,699-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 172.20.1.158:61182<->104.16.16.35:443
      2019-05-15 13:35:47,699-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-3: set socket timeout to 20000
      2019-05-15 13:35:47,699-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Executing request GET /semver HTTP/1.1
      2019-05-15 13:35:47,699-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
      2019-05-15 13:35:47,699-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
      2019-05-15 13:35:47,699-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 >> GET /semver HTTP/1.1
      2019-05-15 13:35:47,700-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 >> Host: registry.npmjs.org
      2019-05-15 13:35:47,700-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 >> Connection: Keep-Alive
      2019-05-15 13:35:47,700-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 >> User-Agent: Nexus/3.16.1-02 (PRO; Mac OS X; 10.14.3; x86_64; 1.8.0_192)
      2019-05-15 13:35:47,700-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 >> Accept-Encoding: gzip,deflate
      2019-05-15 13:35:47,726-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << HTTP/1.1 200 OK
      2019-05-15 13:35:47,726-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Date: Wed, 15 May 2019 17:35:48 GMT
      2019-05-15 13:35:47,726-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Content-Type: application/json
      2019-05-15 13:35:47,726-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Transfer-Encoding: chunked
      2019-05-15 13:35:47,726-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Connection: keep-alive
      2019-05-15 13:35:47,726-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Set-Cookie: __cfduid=d2294f75a2ee04f1aec0292152cc1e25d1557941748; expires=Thu, 14-May-20 17:35:48 GMT; path=/; domain=.registry.npmjs.org; HttpOnly
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << CF-Cache-Status: HIT
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Cache-Control: max-age=300
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << CF-Ray: 4d76ded80e7cc1ac-IAD
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << ETag: W/"28632752319f6397709989221b722459"
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Last-Modified: Tue, 26 Mar 2019 23:30:09 GMT
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Vary: accept-encoding, accept
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << x-amz-meta-rev: 355-f1cc7e9c89e38da9a0c1b1ddcd280aaa
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Server: cloudflare
      2019-05-15 13:35:47,727-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.headers - http-outgoing-3 << Content-Encoding: gzip
      2019-05-15 13:35:47,729-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Connection can be kept alive for 30000 MILLISECONDS
      2019-05-15 13:35:47,730-0400 INFO  [qtp1669014052-216] *UNKNOWN org.sonatype.nexus.repository.httpclient.internal.HttpClientFacetImpl - Repository status for npm-proxy changed from READY to AVAILABLE - reason n/a for n/a
      2019-05-15 13:35:47,747-0400 DEBUG [qtp1669014052-216] *UNKNOWN org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-3: set socket timeout to 0
      2019-05-15 13:36:18,087-0400 DEBUG [nexus-httpclient-eviction-thread] *SYSTEM org.apache.http.impl.conn.CPool - Connection [id:3][route:{s}->https://registry.npmjs.org:443][state:null] expired @ Wed May 15 13:36:17 EDT 2019
      2019-05-15 13:36:18,090-0400 DEBUG [nexus-httpclient-eviction-thread] *SYSTEM org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-3: Close connection
      

      Then over 1 minute later, the metadata cache has expired. If a new request comes in for either the package metadata OR an already cached package distribution tgz, Nexus sends another outbound request as expected for the package metadata, with If-None-Match etag headers:

      2019-05-15 13:37:20,639-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.client.protocol.RequestAddCookies - CookieSpec selected: ignoreCookies
      2019-05-15 13:37:20,639-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.client.protocol.RequestAuthCache - Auth cache not set in the context
      2019-05-15 13:37:20,640-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Opening connection {s}->https://registry.npmjs.org:443
      2019-05-15 13:37:20,641-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connecting to registry.npmjs.org/104.16.16.35:443
      2019-05-15 13:37:20,641-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Connecting socket to registry.npmjs.org/104.16.16.35:443 with timeout 20000
      2019-05-15 13:37:20,655-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled protocols: [TLSv1, TLSv1.1, TLSv1.2]
      2019-05-15 13:37:20,655-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Enabled cipher suites:[TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
      2019-05-15 13:37:20,655-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Starting handshake
      2019-05-15 13:37:20,672-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory - Secure session established
      2019-05-15 13:37:20,672-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated protocol: TLSv1.2
      2019-05-15 13:37:20,672-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  negotiated cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
      2019-05-15 13:37:20,672-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer principal: CN=ssl891738.cloudflaressl.com, OU=PositiveSSL Multi-Domain, OU=Domain Control Validated
      2019-05-15 13:37:20,672-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  peer alternative names: [ssl891738.cloudflaressl.com, *.npmjs.org, npmjs.org]
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.conn.ssl.SSLConnectionSocketFactory -  issuer principal: CN=COMODO ECC Domain Validation Secure Server CA 2, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.impl.conn.DefaultHttpClientConnectionOperator - Connection established 172.20.1.158:61188<->104.16.16.35:443
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.impl.conn.DefaultManagedHttpClientConnection - http-outgoing-4: set socket timeout to 20000
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Executing request GET /semver HTTP/1.1
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Target auth state: UNCHALLENGED
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.impl.execchain.MainClientExec - Proxy auth state: UNCHALLENGED
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> GET /semver HTTP/1.1
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> If-Modified-Since: Tue, 26 Mar 2019 23:30:09 GMT
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> If-None-Match: "W/"28632752319f6397709989221b722459""
      2019-05-15 13:37:20,673-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Host: registry.npmjs.org
      2019-05-15 13:37:20,674-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Connection: Keep-Alive
      2019-05-15 13:37:20,674-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> User-Agent: Nexus/3.16.1-02 (PRO; Mac OS X; 10.14.3; x86_64; 1.8.0_192)
      2019-05-15 13:37:20,674-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 >> Accept-Encoding: gzip,deflate
      2019-05-15 13:37:20,701-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << HTTP/1.1 200 OK
      2019-05-15 13:37:20,701-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Date: Wed, 15 May 2019 17:37:21 GMT
      2019-05-15 13:37:20,701-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Content-Type: application/json
      2019-05-15 13:37:20,701-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Transfer-Encoding: chunked
      2019-05-15 13:37:20,701-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Connection: keep-alive
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Set-Cookie: __cfduid=d29b3a57c4b221d793c09055528114bab1557941841; expires=Thu, 14-May-20 17:37:21 GMT; path=/; domain=.registry.npmjs.org; HttpOnly
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << CF-Cache-Status: HIT
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Cache-Control: max-age=300
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << CF-Ray: 4d76e11d18a023ac-IAD
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << ETag: W/"28632752319f6397709989221b722459"
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Last-Modified: Tue, 26 Mar 2019 23:30:09 GMT
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Vary: accept-encoding, accept
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << x-amz-meta-rev: 355-f1cc7e9c89e38da9a0c1b1ddcd280aaa
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Server: cloudflare
      2019-05-15 13:37:20,702-0400 DEBUG [qtp1669014052-71] *UNKNOWN org.apache.http.headers - http-outgoing-4 << Content-Encoding: gzip
      

      Problem

      The format of the If-None-Match header is incorrectly formatted as If-None-Match: "W/"28632752319f6397709989221b722459"". It should be instead If-None-Match: W/"28632752319f6397709989221b722459" ( see https://tools.ietf.org/html/rfc7232#section-2.3 )

      The consequence is the remote server considers that it does not have an ETAG value that matches, and therefore returns 200 response with content for the latest metadata, instead of the expected 304 response. This in turn causes NXRM to delete its existing cached package metadata from the blobstore and replace it with the identical returned content from the remote.

      This is inefficient and under high load or an HA environment, introduces measurable overhead.

      First metadata asset .properties file
      #2019-05-15 13:37:20,735-0400
      #Wed May 15 13:37:20 EDT 2019
      deleted=true
      @BlobStore.created-by=anonymous
      creationTime=1557941747782
      @BlobStore.created-by-ip=127.0.0.1
      @BlobStore.content-type=application/json
      sha1=9cd405a5a99569929eff79b18bfab3fd58379d87
      @BlobStore.blob-name=semver
      deletedReason=Updating asset AttachedEntityId{asset->\#57\:0}
      @Bucket.repo-name=npm-proxy
      size=88020
      
      Second metadata asset .properties file
      #2019-05-15 13:37:20,729-0400
      #Wed May 15 13:37:20 EDT 2019
      @BlobStore.created-by=anonymous
      size=88020
      @Bucket.repo-name=npm-proxy
      creationTime=1557941840729
      @BlobStore.created-by-ip=127.0.0.1
      @BlobStore.content-type=application/json
      @BlobStore.blob-name=semver
      sha1=90e05f37d979ae2f55dafb524d07e39bfca19814
      

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              mjohnson Matt Johnson
              Reporter:
              plynch Peter Lynch
              Last Updated By:
              Joshua Hill Joshua Hill
              Team:
              NXRM - Morpheus
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:
                Date of First Response:

                  tigCommentSecurity.panel-title