fix: weak etag causes invalid header (#103)

silasjoisten · web-flow · commit f376fdddeb7b · 2026-01-30T18:08:22.000+02:00
diff --git a/src/Cdn/Domain/CdnFileMetadata.php b/src/Cdn/Domain/CdnFileMetadata.php
@@ -38,7 +38,7 @@ public static function fromArray(array $data): self
         return new self(
             originalUrl: $data['originalUrl'],
             contentType: $data['contentType'],
-            etag: $data['etag'],
+            etag: self::normalizeEtag($data['etag']),
             expiresAt: null !== $data['expiresAt'] ? new DateTimeImmutable($data['expiresAt']) : null,
         );
     }
@@ -48,7 +48,7 @@ public function withDownloadInfo(string $contentType, ?string $etag, DateTimeImm
         return new self(
             originalUrl: $this->originalUrl,
             contentType: $contentType,
-            etag: $etag,
+            etag: self::normalizeEtag($etag),
             expiresAt: $expiresAt,
         );
     }
@@ -74,4 +74,24 @@ public function jsonSerialize(): array
             'expiresAt' => $this->expiresAt?->format(\DateTimeInterface::ATOM),
         ];
     }
+
+    /**
+     * Normalize ETag by stripping surrounding quotes while preserving weak indicator.
+     * Converts: "value" → value, W/"value" → W/value.
+     */
+    private static function normalizeEtag(?string $etag): ?string
+    {
+        if (null === $etag) {
+            return null;
+        }
+
+        $weak = '';
+
+        if (str_starts_with($etag, 'W/')) {
+            $weak = 'W/';
+            $etag = substr($etag, 2);
+        }
+
+        return $weak.trim($etag, '"');
+    }
 }
diff --git a/src/Controller/CdnController.php b/src/Controller/CdnController.php
@@ -81,7 +81,10 @@ public function __invoke(Request $request, string $id, string $filename, string
         }
 
         if (true === $this->etag && null !== $metadata->etag) {
-            $response->setEtag($metadata->etag);
+            $etag = $metadata->etag;
+            $weak = str_starts_with($etag, 'W/');
+
+            $response->setEtag($weak ? substr($etag, 2) : $etag, $weak);
         }
 
         if (null !== $this->maxAge) {
diff --git a/tests/Unit/Cdn/Domain/CdnFileMetadataTest.php b/tests/Unit/Cdn/Domain/CdnFileMetadataTest.php
@@ -70,7 +70,7 @@ public function fromArray(): void
 
         self::assertSame('https://a.storyblok.com/f/12345/image.jpg', $metadata->originalUrl);
         self::assertSame('image/png', $metadata->contentType);
-        self::assertSame('"xyz789"', $metadata->etag);
+        self::assertSame('xyz789', $metadata->etag);
         self::assertSame('2025-06-15T10:30:00+00:00', $metadata->expiresAt?->format(\DateTimeInterface::ATOM));
     }
 
@@ -104,7 +104,7 @@ public function withDownloadInfo(): void
 
         self::assertSame('https://a.storyblok.com/f/12345/image.jpg', $enriched->originalUrl);
         self::assertSame('image/webp', $enriched->contentType);
-        self::assertSame('"newetag"', $enriched->etag);
+        self::assertSame('newetag', $enriched->etag);
         self::assertSame($expiresAt, $enriched->expiresAt);
     }
 
@@ -190,4 +190,70 @@ public function jsonSerializeWithNullValues(): void
             'expiresAt' => null,
         ], $json);
     }
+
+    #[Test]
+    public function fromArrayNormalizesStrongEtag(): void
+    {
+        $data = [
+            'originalUrl' => 'https://a.storyblok.com/f/12345/image.jpg',
+            'contentType' => 'image/jpeg',
+            'etag' => '"f062382e65b34974ba85009cf8625737"',
+            'expiresAt' => null,
+        ];
+
+        $metadata = CdnFileMetadata::fromArray($data);
+
+        self::assertSame('f062382e65b34974ba85009cf8625737', $metadata->etag);
+    }
+
+    #[Test]
+    public function fromArrayNormalizesWeakEtag(): void
+    {
+        $data = [
+            'originalUrl' => 'https://a.storyblok.com/f/12345/image.jpg',
+            'contentType' => 'image/jpeg',
+            'etag' => 'W/"f062382e65b34974ba85009cf8625737"',
+            'expiresAt' => null,
+        ];
+
+        $metadata = CdnFileMetadata::fromArray($data);
+
+        self::assertSame('W/f062382e65b34974ba85009cf8625737', $metadata->etag);
+    }
+
+    #[Test]
+    public function withDownloadInfoNormalizesStrongEtag(): void
+    {
+        $metadata = new CdnFileMetadata(
+            originalUrl: 'https://a.storyblok.com/f/12345/image.jpg',
+        );
+
+        $enriched = $metadata->withDownloadInfo('image/jpeg', '"abc123"', new DateTimeImmutable());
+
+        self::assertSame('abc123', $enriched->etag);
+    }
+
+    #[Test]
+    public function withDownloadInfoNormalizesWeakEtag(): void
+    {
+        $metadata = new CdnFileMetadata(
+            originalUrl: 'https://a.storyblok.com/f/12345/image.jpg',
+        );
+
+        $enriched = $metadata->withDownloadInfo('image/jpeg', 'W/"abc123"', new DateTimeImmutable());
+
+        self::assertSame('W/abc123', $enriched->etag);
+    }
+
+    #[Test]
+    public function withDownloadInfoHandlesNullEtag(): void
+    {
+        $metadata = new CdnFileMetadata(
+            originalUrl: 'https://a.storyblok.com/f/12345/image.jpg',
+        );
+
+        $enriched = $metadata->withDownloadInfo('image/jpeg', null, new DateTimeImmutable());
+
+        self::assertNull($enriched->etag);
+    }
 }
diff --git a/tests/Unit/Cdn/Storage/CdnFilesystemStorageTest.php b/tests/Unit/Cdn/Storage/CdnFilesystemStorageTest.php
@@ -132,7 +132,8 @@ public function getMetadataReturnsMetadata(): void
 
         self::assertSame('https://a.storyblok.com/f/12345/image.jpg', $result->originalUrl);
         self::assertSame('image/jpeg', $result->contentType);
-        self::assertSame('"abc123"', $result->etag);
+        // ETag is normalized when loading from storage (quotes stripped)
+        self::assertSame('abc123', $result->etag);
     }
 
     #[Test]
@@ -207,7 +208,8 @@ public function setMetadataUpdatesExistingMetadata(): void
         $result = $this->storage->getMetadata($id, 'image.jpg');
 
         self::assertSame('image/jpeg', $result->contentType);
-        self::assertSame('"updated"', $result->etag);
+        // ETag is normalized when loading from storage (quotes stripped)
+        self::assertSame('updated', $result->etag);
     }
 
     #[Test]
diff --git a/tests/Unit/Controller/CdnControllerTest.php b/tests/Unit/Controller/CdnControllerTest.php
@@ -274,6 +274,33 @@ public function doesNotSetEtagHeaderWhenNotConfigured(): void
         self::assertNull($response->getEtag());
     }
 
+    #[Test]
+    public function setsWeakEtagHeaderWhenConfigured(): void
+    {
+        $tempFile = $this->createTempFile('content');
+        $file = new File($tempFile);
+
+        $metadata = new CdnFileMetadata(
+            originalUrl: 'https://a.storyblok.com/f/12345/image.jpg',
+            contentType: 'image/jpeg',
+            etag: 'W/"f062382e65b34974ba85009cf8625737"',
+            expiresAt: new DateTimeImmutable('+1 day'),
+        );
+
+        $storage = self::createMock(CdnStorageInterface::class);
+        $storage->method('getMetadata')->willReturn($metadata);
+        $storage->method('hasFile')->willReturn(true);
+        $storage->method('getFile')->willReturn($file);
+
+        $downloader = self::createMock(FileDownloaderInterface::class);
+
+        $controller = new CdnController($storage, $downloader, null, null, null, true);
+
+        $response = $controller->__invoke(new Request(), 'ef7436441c4defbf', 'image', 'jpg');
+
+        self::assertSame('W/"f062382e65b34974ba85009cf8625737"', $response->getEtag());
+    }
+
     #[Test]
     public function setsMaxAgeWhenConfigured(): void
     {

Original file line number	Diff line number	Diff line change
`@@ -81,7 +81,10 @@ public function __invoke(Request $request, string $id, string $filename, string`
`81`	`81`	`}`
`82`	`82`
`83`	`83`	`if (true === $this->etag && null !== $metadata->etag) {`
`84`		`- $response->setEtag($metadata->etag);`
	`84`	`+ $etag = $metadata->etag;`
	`85`	`+ $weak = str_starts_with($etag, 'W/');`
	`86`	`+`
	`87`	`+ $response->setEtag($weak ? substr($etag, 2) : $etag, $weak);`
`85`	`88`	`}`
`86`	`89`
`87`	`90`	`if (null !== $this->maxAge) {`