HTTPClient: disable URLSession cache#2668
Merged
Merged
Conversation
NachoSoto
added a commit
that referenced
this pull request
Jun 16, 2023
Changed this log: ``` [network] DEBUG: ℹ️ API request failed: GET /v1/subscribers/17571811-B0A4-49DC-B326-572E602BF195: Request failed signature verification. ``` To this: ``` [network] DEBUG: ℹ️ API request failed: GET /v1/subscribers/BD9F38FF-33C6-4A77-86F7-6AEA92E6717D (200): Request failed signature verification. ``` This was useful when debugging #2668 and #2659.
This was referenced Jun 16, 2023
Codecov Report
@@ Coverage Diff @@
## main #2668 +/- ##
==========================================
- Coverage 86.47% 86.33% -0.15%
==========================================
Files 208 207 -1
Lines 14783 14675 -108
==========================================
- Hits 12784 12670 -114
- Misses 1999 2005 +6
|
tonidero
reviewed
Jun 16, 2023
tonidero
left a comment
Contributor
There was a problem hiding this comment.
I think this makes sense... But still wonder why we receive 304 responses sometimes with this... Any thoughts?
Contributor
There was a problem hiding this comment.
Hmm I wonder, if this was the case before, did we ever receive 304 responses in our code? As in, would the urlCache always kick in? Not sure how it works internally though.
Contributor
Author
There was a problem hiding this comment.
We did, but we didn’t really have any actual coverage for it other that using the HTTP mocks which could have messed with this.
Contributor
Author
|
We use an ephemeral configuration which caches in memory. My guess is that it has a limited TTL for the cache? I’m not really sure TBH. |
NachoSoto
added a commit
that referenced
this pull request
Jun 16, 2023
For some PRs where we only change a few lines, we sometimes get failures (example: #2668). It's extra noise, since we're only using coverage data as information. See documentation: https://docs.codecov.com/docs/codecovyml-reference
Contributor
Author
@aboedo figured it out:
Source: https://www.rfc-editor.org/rfc/rfc9111.html#heuristic.freshness So the answer is: it's an implementation detail 🤷🏻♂️ |
Turns out this was breaking a 304 integration test in #2659. I'm very confused why we hadn't seen it before. Possibly it didn't matter for normal requests, but it was breaking signature verification because the `nonce` was different on the new request, and therefore it wouldn't match the cached signature.
284bd01 to
022e958
Compare
tonidero
approved these changes
Jun 16, 2023
tonidero
left a comment
Contributor
There was a problem hiding this comment.
Interesting, thanks for investigating!
NachoSoto
commented
Jun 16, 2023
| config.httpMaximumConnectionsPerHost = 1 | ||
| config.timeoutIntervalForRequest = requestTimeout | ||
| config.timeoutIntervalForResource = requestTimeout | ||
| config.urlCache = nil // We implement our own caching with `ETagManager`. |
Contributor
Author
There was a problem hiding this comment.
BTW let's add a test for this when we finish #2561.
NachoSoto
pushed a commit
that referenced
this pull request
Jun 22, 2023
**This is an automatic release.** ### Bugfixes * `PurchasesOrchestrator`: update `CustomerInfoManager` cache after processing transactions (#2676) via NachoSoto (@NachoSoto) * `ErrorResponse`: drastically improved error messages, no more "unknown error"s (#2660) via NachoSoto (@NachoSoto) * `PaywallExtensions`: post purchases with `Offering` identifier (#2645) via NachoSoto (@NachoSoto) * Support `product_plan_identifier` for purchased subscriptions from `Google Play` (#2654) via Josh Holtz (@joshdholtz) ### Performance Improvements * `copy(with: VerificationResult)`: optimization to avoid copies (#2639) via NachoSoto (@NachoSoto) ### Other Changes * `ETagManager`: refactored e-tag creation and tests (#2671) via NachoSoto (@NachoSoto) * `getPromotionalOffer`: return `ErrorCode.ineligibleError` if receipt is not found (#2678) via NachoSoto (@NachoSoto) * `TimingUtil`: removed slow purchase logs (#2677) via NachoSoto (@NachoSoto) * `CI`: changed `Codecov` to `informational` (#2670) via NachoSoto (@NachoSoto) * `LoadShedderIntegrationTests`: verify requests are actually handled by load shedder (#2663) via NachoSoto (@NachoSoto) * `ETagManager.httpResultFromCacheOrBackend`: return response headers (#2666) via NachoSoto (@NachoSoto) * `Integration Tests`: added tests to verify 304 behavior (#2659) via NachoSoto (@NachoSoto) * `HTTPClient`: disable `URLSession` cache (#2668) via NachoSoto (@NachoSoto) * Documented `HTTPStatusCode.isSuccessfullySynced` (#2661) via NachoSoto (@NachoSoto) * `NetworkError.signatureVerificationFailed`: added status code to error `userInfo` (#2657) via NachoSoto (@NachoSoto) * `HTTPClient`: improved log for failed requests (#2669) via NachoSoto (@NachoSoto) * `ETagManager`: added new verbose logs (#2656) via NachoSoto (@NachoSoto) * `Signature Verification`: added test-only log for debugging invalid signatures (#2658) via NachoSoto (@NachoSoto) * Fixed `HTTPResponse.description` (#2664) via NachoSoto (@NachoSoto) * Changed `Logger` to use `os_log` (#2608) via NachoSoto (@NachoSoto) * `MainThreadMonitor`: increased threshold (#2662) via NachoSoto (@NachoSoto) * `debugRevenueCatOverlay`: display `receiptURL` (#2652) via NachoSoto (@NachoSoto) * `PurchaseTester`: added ability to display `debugRevenueCatOverlay` (#2653) via NachoSoto (@NachoSoto) * `debugRevenueCatOverlay`: ability to close on `macOS`/`Catalyst` (#2649) via NachoSoto (@NachoSoto) * `debugRevenueCatOverlay`: added support for `macOS` (#2648) via NachoSoto (@NachoSoto) * `LoadShedderIntegrationTests`: enable signature verification (#2655) via NachoSoto (@NachoSoto) * `ImageSnapshot`: fixed Xcode 15 compilation (#2651) via NachoSoto (@NachoSoto) * `OfferingsManager`: don't clear offerings cache timestamp when request fails (#2359) via NachoSoto (@NachoSoto) * `StoreKitObserverModeIntegrationTests`: added test for posting renewals (#2590) via NachoSoto (@NachoSoto) * Always initialize `StoreKit2TransactionListener` even on SK1 mode (#2612) via NachoSoto (@NachoSoto) * `ErrorUtils.missingReceiptFileError`: added receipt URL `userInfo` context (#2650) via NachoSoto (@NachoSoto) * Added `.xcprivacy` for Xcode 15 (#2619) via NachoSoto (@NachoSoto) * `Trusted Entitlements`: added debug log with `ResponseVerificationMode` (#2647) via NachoSoto (@NachoSoto) * `debugRevenueCatOverlay`: simplified title (#2641) via NachoSoto (@NachoSoto) * Simplified `Purchases.updateAllCachesIfNeeded` (#2626) via NachoSoto (@NachoSoto) * `HTTPResponseTests`: fixed disabled test (#2643) via NachoSoto (@NachoSoto) * Add `InternalDangerousSettings.forceSignatureFailures` (#2635) via NachoSoto (@NachoSoto) * `IntegrationTests`: explicit `StoreKit 1` mode (#2636) via NachoSoto (@NachoSoto) * `Signing`: removed API for loading key from a file (#2638) via NachoSoto (@NachoSoto)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Turns out this was breaking an HTTP 304 integration test in #2659. I'm very confused why we hadn't seen it before.
Possibly it didn't matter for normal requests, but it was breaking signature verification because the
noncewas different on the new request, and therefore it wouldn't match the cached signature.