diff --git a/lib/WUI/nhttp/req_parser.cpp b/lib/WUI/nhttp/req_parser.cpp
index 48ce491a13..b423720d68 100644
--- a/lib/WUI/nhttp/req_parser.cpp
+++ b/lib/WUI/nhttp/req_parser.cpp
@@ -306,13 +306,11 @@ bool RequestParser::nonce_valid(uint64_t nonce_to_check) const {
 uint32_t random = static_cast(nonce_to_check >> 32);
 uint32_t time = nonce_to_check & 0xffffffff;
 uint32_t age = ticks_s() - time;
- // Make valid period for POST and PUT longer, to avoid infinit uploading
- // loops if nonce get stale for upload request.
- uint32_t max_valid_age = has_body(method) ? http::extended_valid_nonce_period : http::valid_nonce_period;
+
 // sanity check
 if (nonce_random != 0) {
 // really valid?
- if (random == nonce_random && age < max_valid_age) {
+ if (random == nonce_random && age < http::valid_nonce_period) {
 return true;
 }
 }
diff --git a/src/common/http/types.h b/src/common/http/types.h
index f577659371..155d9d3bb5 100644
--- a/src/common/http/types.h
+++ b/src/common/http/types.h
@@ -149,11 +149,12 @@ static const size_t MAX_URL_LEN = 168;
 using Url = std::array;
 // # of seconds after which nonce becomes stale for digest authentication
-// the extended version is used for requests with body, so that PrusaLink
-// hopefully never gets stale nonce for request uploading a gcode, which
-// can cause an infinit upload loop, if the browser does not read errors
-// before sending the whole body.
-static const uint32_t valid_nonce_period = 5;
-static const uint32_t extended_valid_nonce_period = 8;
+// The value of 300 has been chosen as it's the default value used in the Apache
+// web server, see:
+// https://httpd.apache.org/docs/2.4/mod/mod_auth_digest.html#authdigestnoncelifetime
+//
+// This value use to be much lower but would cause issues with Safari-based browser
+// See https://github.com/prusa3d/Prusa-Firmware-Buddy/issues/3287
+static const uint32_t valid_nonce_period = 300;
 } // namespace http
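Review bot: The `age < http::valid_nonce_period` test in `nonce_valid` now accepts a nonce up to 300 s old for every method (the constant is raised in the `src/common/http/types.h` hunk), so a captured `Authorization` header stays acceptable sixty times longer than under the old 5 s limit. Nothing visible in this hunk ties a nonce to a single use; if the digest handler does not already check the client's `nc` counter per nonce, that is worth adding, or at least stating here with `// a nonce is accepted repeatedly for valid_nonce_period seconds; reuse inside that window is not detected here`. The unsigned `ticks_s() - time` also makes a timestamp ahead of the clock wrap to a very large age and fail the comparison, which deserves a one-line comment because the check silently relies on it. The function starts above this hunk and ends below it.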
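Review bot: The new comment on `valid_nonce_period` says where 300 comes from but not what it costs: the same constant bounds how long an already-used nonce is accepted again, and the removed text was the only place that described the upload-loop problem the short value caused. I would keep one line on that trade-off, e.g. `// Also bounds how long a captured digest response remains acceptable.`, and fix the wording to `// This value used to be much lower but caused issues with Safari-based browsers`.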