1) convert MD5 hash into string using standard method instead of base64;
2) if par2 isn’t available using another hash function from Util-unit;
3) avoid gzipping of response if it isn’t sent;
4) use BString class for header string formatting.
The web server now support Etag generation for static files and some RPC
methods. If If-None-Match is given in the request and matches with the Etag
generated for the response than no data is sent and 304 or 412 is returned.
The JavaScript RPC calls also support the new HTTP error code by buffering
Etags and responses and will reuse the previous response if 412 is returned.
Built-in web-server doesn’t print warnings to log for certain files
which are or can be missing but that’s OK for them:
- package-info.json - update information file, which is available only
with binary packages supporting automatic updates;
- favicon.ico - the file is located in img-subdirectory; web-clients
requesting the file from the root directory are doing this wrong;
- apple-touch-icon*.png - iOS safari asks for these files, but we don’t
have nice icons.
Implemented authorization via X-Auth-Token to overcome Safari’s bug,
where it may stop sending HTTP Basic Auth header when executing ajax
requests leading to communication errors in web-interface. With
X-Auth-Token only the first request must include HTTP Basic Auth, for
sub-sequential requests the web-interface sends X-Auth-Token, received
from server on first request. The web-interface even tries to remove
the HTTP Basic Auth header from request to improve security; this
however works only in Chrome, other tested browsers still send the Auth
data anyway (IE, Safari, Firefox).
