-
Notifications
You must be signed in to change notification settings - Fork 316
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
HTTPClient
: disable URLSession
cache
#2668
Conversation
Changed this log: ``` [network] DEBUG: ℹ️ API request failed: GET /v1/subscribers/17571811-B0A4-49DC-B326-572E602BF195: Request failed signature verification. ``` To this: ``` [network] DEBUG: ℹ️ API request failed: GET /v1/subscribers/BD9F38FF-33C6-4A77-86F7-6AEA92E6717D (200): Request failed signature verification. ``` This was useful when debugging #2668 and #2659.
Codecov Report
@@ Coverage Diff @@
## main #2668 +/- ##
==========================================
- Coverage 86.47% 86.33% -0.15%
==========================================
Files 208 207 -1
Lines 14783 14675 -108
==========================================
- Hits 12784 12670 -114
- Misses 1999 2005 +6
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think this makes sense... But still wonder why we receive 304 responses sometimes with this... Any thoughts?
@@ -42,6 +42,7 @@ class HTTPClient { | |||
config.httpMaximumConnectionsPerHost = 1 | |||
config.timeoutIntervalForRequest = requestTimeout | |||
config.timeoutIntervalForResource = requestTimeout | |||
config.urlCache = nil // We implement our own caching with `ETagManager`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm I wonder, if this was the case before, did we ever receive 304 responses in our code? As in, would the urlCache always kick in? Not sure how it works internally though.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We did, but we didn’t really have any actual coverage for it other that using the HTTP mocks which could have messed with this.
We use an ephemeral configuration which caches in memory. My guess is that it has a limited TTL for the cache? I’m not really sure TBH. |
For some PRs where we only change a few lines, we sometimes get failures (example: #2668). It's extra noise, since we're only using coverage data as information. See documentation: https://docs.codecov.com/docs/codecovyml-reference
@aboedo figured it out:
Source: https://www.rfc-editor.org/rfc/rfc9111.html#heuristic.freshness So the answer is: it's an implementation detail 🤷🏻♂️ |
Turns out this was breaking a 304 integration test in #2659. I'm very confused why we hadn't seen it before. Possibly it didn't matter for normal requests, but it was breaking signature verification because the `nonce` was different on the new request, and therefore it wouldn't match the cached signature.
284bd01
to
022e958
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interesting, thanks for investigating!
@@ -42,6 +42,7 @@ class HTTPClient { | |||
config.httpMaximumConnectionsPerHost = 1 | |||
config.timeoutIntervalForRequest = requestTimeout | |||
config.timeoutIntervalForResource = requestTimeout | |||
config.urlCache = nil // We implement our own caching with `ETagManager`. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
BTW let's add a test for this when we finish #2561.
**This is an automatic release.** ### Bugfixes * `PurchasesOrchestrator`: update `CustomerInfoManager` cache after processing transactions (#2676) via NachoSoto (@NachoSoto) * `ErrorResponse`: drastically improved error messages, no more "unknown error"s (#2660) via NachoSoto (@NachoSoto) * `PaywallExtensions`: post purchases with `Offering` identifier (#2645) via NachoSoto (@NachoSoto) * Support `product_plan_identifier` for purchased subscriptions from `Google Play` (#2654) via Josh Holtz (@joshdholtz) ### Performance Improvements * `copy(with: VerificationResult)`: optimization to avoid copies (#2639) via NachoSoto (@NachoSoto) ### Other Changes * `ETagManager`: refactored e-tag creation and tests (#2671) via NachoSoto (@NachoSoto) * `getPromotionalOffer`: return `ErrorCode.ineligibleError` if receipt is not found (#2678) via NachoSoto (@NachoSoto) * `TimingUtil`: removed slow purchase logs (#2677) via NachoSoto (@NachoSoto) * `CI`: changed `Codecov` to `informational` (#2670) via NachoSoto (@NachoSoto) * `LoadShedderIntegrationTests`: verify requests are actually handled by load shedder (#2663) via NachoSoto (@NachoSoto) * `ETagManager.httpResultFromCacheOrBackend`: return response headers (#2666) via NachoSoto (@NachoSoto) * `Integration Tests`: added tests to verify 304 behavior (#2659) via NachoSoto (@NachoSoto) * `HTTPClient`: disable `URLSession` cache (#2668) via NachoSoto (@NachoSoto) * Documented `HTTPStatusCode.isSuccessfullySynced` (#2661) via NachoSoto (@NachoSoto) * `NetworkError.signatureVerificationFailed`: added status code to error `userInfo` (#2657) via NachoSoto (@NachoSoto) * `HTTPClient`: improved log for failed requests (#2669) via NachoSoto (@NachoSoto) * `ETagManager`: added new verbose logs (#2656) via NachoSoto (@NachoSoto) * `Signature Verification`: added test-only log for debugging invalid signatures (#2658) via NachoSoto (@NachoSoto) * Fixed `HTTPResponse.description` (#2664) via NachoSoto (@NachoSoto) * Changed `Logger` to use `os_log` (#2608) via NachoSoto (@NachoSoto) * `MainThreadMonitor`: increased threshold (#2662) via NachoSoto (@NachoSoto) * `debugRevenueCatOverlay`: display `receiptURL` (#2652) via NachoSoto (@NachoSoto) * `PurchaseTester`: added ability to display `debugRevenueCatOverlay` (#2653) via NachoSoto (@NachoSoto) * `debugRevenueCatOverlay`: ability to close on `macOS`/`Catalyst` (#2649) via NachoSoto (@NachoSoto) * `debugRevenueCatOverlay`: added support for `macOS` (#2648) via NachoSoto (@NachoSoto) * `LoadShedderIntegrationTests`: enable signature verification (#2655) via NachoSoto (@NachoSoto) * `ImageSnapshot`: fixed Xcode 15 compilation (#2651) via NachoSoto (@NachoSoto) * `OfferingsManager`: don't clear offerings cache timestamp when request fails (#2359) via NachoSoto (@NachoSoto) * `StoreKitObserverModeIntegrationTests`: added test for posting renewals (#2590) via NachoSoto (@NachoSoto) * Always initialize `StoreKit2TransactionListener` even on SK1 mode (#2612) via NachoSoto (@NachoSoto) * `ErrorUtils.missingReceiptFileError`: added receipt URL `userInfo` context (#2650) via NachoSoto (@NachoSoto) * Added `.xcprivacy` for Xcode 15 (#2619) via NachoSoto (@NachoSoto) * `Trusted Entitlements`: added debug log with `ResponseVerificationMode` (#2647) via NachoSoto (@NachoSoto) * `debugRevenueCatOverlay`: simplified title (#2641) via NachoSoto (@NachoSoto) * Simplified `Purchases.updateAllCachesIfNeeded` (#2626) via NachoSoto (@NachoSoto) * `HTTPResponseTests`: fixed disabled test (#2643) via NachoSoto (@NachoSoto) * Add `InternalDangerousSettings.forceSignatureFailures` (#2635) via NachoSoto (@NachoSoto) * `IntegrationTests`: explicit `StoreKit 1` mode (#2636) via NachoSoto (@NachoSoto) * `Signing`: removed API for loading key from a file (#2638) via NachoSoto (@NachoSoto)
Turns out this was breaking an HTTP 304 integration test in #2659. I'm very confused why we hadn't seen it before.
Possibly it didn't matter for normal requests, but it was breaking signature verification because the
nonce
was different on the new request, and therefore it wouldn't match the cached signature.