Skip to content

feat: add HTTP conditional request support (If-Match, If-None-Match)#187

Merged
bosschaert merged 1 commit intomainfrom
conditionals
Nov 24, 2025
Merged

feat: add HTTP conditional request support (If-Match, If-None-Match)#187
bosschaert merged 1 commit intomainfrom
conditionals

Conversation

@karlpauls
Copy link
Collaborator

Implements RFC 7232 conditional request headers for GET/HEAD/PUT/POST API operations.

Changes

  • Conditional GET/HEAD: Returns 304 Not Modified when If-None-Match matches, reducing bandwidth for unchanged resources
  • Conditional PUT/POST: Returns 412 Precondition Failed when If-Match fails, enabling optimistic locking and preventing lost updates
  • Wildcard support: If-Match:* and If-None-Match:* for update-only and create-only semantics
  • ETag exposure: All responses now include ETag header for client-side caching

Implementation Details

Conditional headers are extracted in daCtx and passed through the handler → route → storage layers. When client conditionals are provided, 412 failures return immediately to the caller.

For HEAD requests, conditionals are passed via fetch headers since presigned URLs don't execute middleware. The If-Match:* wildcard validates resource existence, then switches to the actual ETag for
the PUT operation to prevent race conditions.

@codecov
Copy link

codecov bot commented Nov 14, 2025

Codecov Report

❌ Patch coverage is 99.49749% with 1 line in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
src/storage/utils/version.js 50.00% 1 Missing ⚠️

📢 Thoughts on this report? Let us know!

@karlpauls karlpauls marked this pull request as ready for review November 21, 2025 10:07
@bosschaert bosschaert merged commit 190afd8 into main Nov 24, 2025
4 checks passed
@bosschaert bosschaert deleted the conditionals branch November 24, 2025 11:44
adobe-bot pushed a commit that referenced this pull request Dec 4, 2025
# 1.0.0 (2025-12-04)

### Bug Fixes

* add IMS offline token validation ([#109](#109)) ([ba7f961](ba7f961))
* add more tests for getObject ([#148](#148)) ([7055d3c](7055d3c))
* add semantic release ([#213](#213)) ([86b608d](86b608d))
* build ([51c6255](51c6255))
* consistently use 'syncadmin' (no intercaps) ([#198](#198)) ([3197624](3197624))
* CopySource needs to be encoded ([#210](#210)) ([1ab3fc8](1ab3fc8))
* do not respond a 404 on error ([#184](#184)) ([b1d10c8](b1d10c8))
* error when copying a file that exists ([#185](#185)) ([7215387](7215387))
* get handler returns undefined ([#168](#168)) ([aa55ce5](aa55ce5))
* last modified header for source ([#145](#145)) ([edf1de1](edf1de1))
* non-https links in docs ([#190](#190)) ([661db82](661db82))
* only invalidate collab for html documents ([#167](#167)) ([71e6a1c](71e6a1c)), closes [#166](#166)
* persist creds ([d5dfed1](d5dfed1))
* pin s3 client version due to problems with DOMParser ([#201](#201)) ([1f93628](1f93628))
* preserve content type when copying ([#182](#182)) ([4e83525](4e83525))
* put/post to source responds with hlx.page / hlx.live ([#209](#209)) ([0415ef4](0415ef4))
* versioning timestamp for version and document itself ([#144](#144)) ([a384662](a384662))
* **versionsource:** "delegate" permission check to api ([#179](#179)) ([04b17f2](04b17f2))
* when catching exceptions don't rely on $metadata being set ([#170](#170)) ([5e121f0](5e121f0)), closes [#169](#169)

### Features

* add a restore point if body is empty ([#173](#173)) ([65cbf32](65cbf32))
* add HTTP conditional request support (If-Match, If-None-Match) ([#187](#187)) ([190afd8](190afd8))
* do not create a version for binaries ([#211](#211)) ([92ea28a](92ea28a))
* handle bad requests ([#204](#204)) ([5ae63c5](5ae63c5))
* handle bad requests ([#214](#214)) ([be0dc49](be0dc49)), closes [#204](#204) [#212](#212)
* no version for binaries ([dd98406](dd98406))
* preserve content type in versions ([#177](#177)) ([5182cd5](5182cd5))
* return last modified for source based on timestamp ([#142](#142)) ([2b3454b](2b3454b))
* send shared secret to collab ([#202](#202)) ([6636423](6636423))

### Reverts

* Revert "feat: handle bad requests ([#204](#204))" ([#212](#212)) ([306fcb5](306fcb5))
* Revert "Fine grained access control ([#108](#108))" ([#118](#118)) ([68918ca](68918ca))
* Revert "fix: last modified header for source ([#145](#145))" ([#147](#147)) ([20b1a61](20b1a61))
* Revert "fix: versioning timestamp for version and document itself ([#144](#144))" ([#146](#146)) ([f626da7](f626da7))
* Revert "Revert "fix: last modified header for source"" ([#149](#149)) ([767629c](767629c)), closes [#145](#145) [#147](#147)
adobe-bot pushed a commit that referenced this pull request Dec 4, 2025
# 1.0.0 (2025-12-04)

### Bug Fixes

* add IMS offline token validation ([#109](#109)) ([ba7f961](ba7f961))
* add more tests for getObject ([#148](#148)) ([7055d3c](7055d3c))
* add semantic release ([#213](#213)) ([86b608d](86b608d))
* build ([51c6255](51c6255))
* consistently use 'syncadmin' (no intercaps) ([#198](#198)) ([3197624](3197624))
* CopySource needs to be encoded ([#210](#210)) ([1ab3fc8](1ab3fc8))
* do not respond a 404 on error ([#184](#184)) ([b1d10c8](b1d10c8))
* error when copying a file that exists ([#185](#185)) ([7215387](7215387))
* get handler returns undefined ([#168](#168)) ([aa55ce5](aa55ce5))
* last modified header for source ([#145](#145)) ([edf1de1](edf1de1))
* non-https links in docs ([#190](#190)) ([661db82](661db82))
* only invalidate collab for html documents ([#167](#167)) ([71e6a1c](71e6a1c)), closes [#166](#166)
* persist creds ([d5dfed1](d5dfed1))
* pin s3 client version due to problems with DOMParser ([#201](#201)) ([1f93628](1f93628))
* preserve content type when copying ([#182](#182)) ([4e83525](4e83525))
* put/post to source responds with hlx.page / hlx.live ([#209](#209)) ([0415ef4](0415ef4))
* versioning timestamp for version and document itself ([#144](#144)) ([a384662](a384662))
* **versionsource:** "delegate" permission check to api ([#179](#179)) ([04b17f2](04b17f2))
* when catching exceptions don't rely on $metadata being set ([#170](#170)) ([5e121f0](5e121f0)), closes [#169](#169)

### Features

* add a restore point if body is empty ([#173](#173)) ([65cbf32](65cbf32))
* add HTTP conditional request support (If-Match, If-None-Match) ([#187](#187)) ([190afd8](190afd8))
* do not create a version for binaries ([#211](#211)) ([92ea28a](92ea28a))
* handle bad requests ([#204](#204)) ([5ae63c5](5ae63c5))
* handle bad requests ([#214](#214)) ([be0dc49](be0dc49)), closes [#204](#204) [#212](#212)
* no version for binaries ([dd98406](dd98406))
* preserve content type in versions ([#177](#177)) ([5182cd5](5182cd5))
* return last modified for source based on timestamp ([#142](#142)) ([2b3454b](2b3454b))
* send shared secret to collab ([#202](#202)) ([6636423](6636423))

### Reverts

* Revert "feat: handle bad requests ([#204](#204))" ([#212](#212)) ([306fcb5](306fcb5))
* Revert "Fine grained access control ([#108](#108))" ([#118](#118)) ([68918ca](68918ca))
* Revert "fix: last modified header for source ([#145](#145))" ([#147](#147)) ([20b1a61](20b1a61))
* Revert "fix: versioning timestamp for version and document itself ([#144](#144))" ([#146](#146)) ([f626da7](f626da7))
* Revert "Revert "fix: last modified header for source"" ([#149](#149)) ([767629c](767629c)), closes [#145](#145) [#147](#147)
adobe-bot pushed a commit that referenced this pull request Dec 4, 2025
# 1.0.0 (2025-12-04)

### Bug Fixes

* add IMS offline token validation ([#109](#109)) ([ba7f961](ba7f961))
* add more tests for getObject ([#148](#148)) ([7055d3c](7055d3c))
* add semantic release ([#213](#213)) ([86b608d](86b608d))
* build ([51c6255](51c6255))
* consistently use 'syncadmin' (no intercaps) ([#198](#198)) ([3197624](3197624))
* CopySource needs to be encoded ([#210](#210)) ([1ab3fc8](1ab3fc8))
* do not respond a 404 on error ([#184](#184)) ([b1d10c8](b1d10c8))
* error when copying a file that exists ([#185](#185)) ([7215387](7215387))
* get handler returns undefined ([#168](#168)) ([aa55ce5](aa55ce5))
* last modified header for source ([#145](#145)) ([edf1de1](edf1de1))
* non-https links in docs ([#190](#190)) ([661db82](661db82))
* only invalidate collab for html documents ([#167](#167)) ([71e6a1c](71e6a1c)), closes [#166](#166)
* persist creds ([d5dfed1](d5dfed1))
* pin s3 client version due to problems with DOMParser ([#201](#201)) ([1f93628](1f93628))
* preserve content type when copying ([#182](#182)) ([4e83525](4e83525))
* put/post to source responds with hlx.page / hlx.live ([#209](#209)) ([0415ef4](0415ef4))
* trigger release ([3c35bb4](3c35bb4))
* versioning timestamp for version and document itself ([#144](#144)) ([a384662](a384662))
* **versionsource:** "delegate" permission check to api ([#179](#179)) ([04b17f2](04b17f2))
* when catching exceptions don't rely on $metadata being set ([#170](#170)) ([5e121f0](5e121f0)), closes [#169](#169)

### Features

* add a restore point if body is empty ([#173](#173)) ([65cbf32](65cbf32))
* add HTTP conditional request support (If-Match, If-None-Match) ([#187](#187)) ([190afd8](190afd8))
* do not create a version for binaries ([#211](#211)) ([92ea28a](92ea28a))
* handle bad requests ([#204](#204)) ([5ae63c5](5ae63c5))
* handle bad requests ([#214](#214)) ([be0dc49](be0dc49)), closes [#204](#204) [#212](#212)
* no version for binaries ([dd98406](dd98406))
* preserve content type in versions ([#177](#177)) ([5182cd5](5182cd5))
* return last modified for source based on timestamp ([#142](#142)) ([2b3454b](2b3454b))
* send shared secret to collab ([#202](#202)) ([6636423](6636423))

### Reverts

* Revert "feat: handle bad requests ([#204](#204))" ([#212](#212)) ([306fcb5](306fcb5))
* Revert "Fine grained access control ([#108](#108))" ([#118](#118)) ([68918ca](68918ca))
* Revert "fix: last modified header for source ([#145](#145))" ([#147](#147)) ([20b1a61](20b1a61))
* Revert "fix: versioning timestamp for version and document itself ([#144](#144))" ([#146](#146)) ([f626da7](f626da7))
* Revert "Revert "fix: last modified header for source"" ([#149](#149)) ([767629c](767629c)), closes [#145](#145) [#147](#147)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants