Expose ETag header

[michielbdejong]

Looking at

cliquet/cliquet/__init__.py

Lines 98 to 99 in 59fca2d

	default_cors_headers = ('Backoff', 'Retry-After', 'Alert',
	'Content-Length')

it seems the ETag header is not exposed. Confirmed this on dev.mozaws:

curl 'https://kinto.dev.mozaws.net/v1/buckets/default/collections/items/records' -H 'If-None-Match: "1453892512932"' -H 'Origin: http://localhost:8007' -H 'Accept-Encoding: gzip, deflate, sdch' -H 'Accept-Language: en-US,en;q=0.8' -H 'authorization: Basic dXNlcjpwYXNz' -H 'content-type: application/json' -H 'accept: application/json' -H 'Referer: http://localhost:8007/' -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/47.0.2526.111 Safari/537.36' -H 'Connection: keep-alive' -H 'If-Modified-Since: Wed, 27 Jan 2016 11:01:52 GMT' --compressed -i
HTTP/1.1 304 Not Modified
Access-Control-Allow-Origin: http://localhost:8007
Access-Control-Expose-Headers: Backoff,Retry-After,Alert,Content-Length
Date: Wed, 27 Jan 2016 13:01:06 GMT
ETag: "1453892512932"
Last-Modified: Wed, 27 Jan 2016 11:01:52 GMT
Server: nginx
Connection: keep-alive

[Natim]

It seems to still be the case with Kinto 1.11.0

The ETag is exposed on the 200 status code but not on the 304.

[michielbdejong]

Ah, I remember Apache (but not Nginx) does the same (because just like a 304 is supposed not to repeat the body of the request, it also shouldn't repeat all the headers from the earlier 200 to which it refers).

[Natim]

I have looked into it, but I am not sure how to plug cornice service.cors_supported_headers_for() in the raise_304 cliquet method.

It seems to be what we did in reapply_cors which should be called on raise_304: https://github.com/mozilla-services/cliquet/blob/master/cliquet/views/errors.py#L94-L115

[Natim]

Which is probably called because the header is present.

[Natim]

Ok I got it 🎱

Actually this happens with the default bucket only.

$ http https://kinto.dev.mozaws.net/v1/buckets/beers/collections/barley/records/15ff09fd-1dbc-4556-9101-08b85f62f776 \
    If-None-Match:'"1454075102101"' \
    --auth user:pass

HTTP/1.1 304 Not Modified
Access-Control-Expose-Headers: Content-Length, Expires, Alert, Retry-After, Last-Modified, ETag, Pragma, Cache-Control, Backoff
Connection: keep-alive
Date: Fri, 29 Jan 2016 13:45:27 GMT
ETag: "1454075102101"
Last-Modified: Fri, 29 Jan 2016 13:45:02 GMT
Server: nginx

[Natim]

This is because reapply_cors is looking for a service and default_bucket shortcut is not a service so it fallback to default header which doesn't includes GET ones.

[leplatrem]

This is a Kinto problem, related to the default bucket.
Fix was proposed here: https://github.com/Kinto/kinto/pull/404/files
Closing.