avoid

304 Not Modified HTTP Status (Explained with Code Example and Pros & Cons)



Sharing buttons:

what is going on guys in this video I

want to discuss the 304 not modified

status code some of you asked me a

question that they hey we're seeing this

status code return from our inbound

traffic outbound traffic and our cloud

provider and then we don't know what is

this and I talked about a 304 not

modified in one of my video when I

discussed etag check out the video right

here I'm gonna reference it but in this

video I'm gonna just show you how what

it is why do we have it and then kind of

show you some code to reproduce it and

then understanding better how are we

jump into it so three or four in a

nutshell not modified is a code that is

returned by the server to tell the

client that hey whatever you have of

that requested resource that you've just

requested is actually good

alright so three or four not modified is

actually empty but that doesn't have

anybody and anybody it doesn't have any

content it just tells you that hey your

content is good keep caching it it's a

caching mechanism alright so let's go

ahead and explain that so what I'm gonna

go to example.com to demonstrate that so

this is an example dot-com website and

I'm gonna go ahead and go to the console

here alright guys so what we're gonna do

here is I'm gonna make a fetch command

and the reason I am in the same domain

just to avoid course errors things like

that and I'm gonna do basically make a

fetch command to the same content and

literally just print that response

header and return a dot txt because I

know the content is thick so I'm gonna

return it and I'm gonna print the

headers and everything that we come back

and then just since we know that the

content is text goes into HTML page that

should work and here's what we get back

we got back to the response object and

it's a status 200 and we go to the

network you can see that this is what we

made that request that we made is

basically it's just a get request and we

asked

or this and we said hey by the way if

you if you support that stuff go ahead

and fix it to me and this if the server

supports caching here's what will reply

with it's gonna apply with the content

which is the response in this case that

HTML we saw and here's what we return it

returns is something called attack so

that etag represents a hash of the

content that returns a HTML page in this

case and every web server implements

this differently to be honest right

really depends on the web server some

web servers literally hashes the content

some observer implements really

cryptographic confirm algorithms if they

had that and that e tag is actually a

result of of a hash of a cache really

right cache result or maybe a database

query you don't know right so you need

and they'll go to them to spits out this

attack right and most of the time if

it's a static content it's taken care of

for you but if it's Jason or something

that you build you have to do it

yourself as the backend engineer but

regardless so now we have an e-tag that

represent represents uniquely that

content so the client takes that etag

and says hey i am going to make a

request again to that server but here's

what I'm gonna do I am going to tell the

server

hey server I want example that come and

by the way I did make a request few

seconds ago to this right but but please

tell me does this etag that I have is

called F none match you sent I send a

header with that etag and I told that

and I basically tell the server's hey if

you didn't find a match for this a tag

return the contest for me if it if you

did tell me that it didn't change so I

keep the cached version that I had

because you're gonna catch this stuff

locally right that the HTML bit the JSON

document over that PDF or whatever I had

to add these double coats because that's

the content that's one that's just part

of the attack for some reason I didn't

include the coats huh

right so now if I do this now if I hit

enter look what the server responds to

me it didn't respond with the content at

all it said hey status 304 not modified

and it yeah that means whatever copy of

the version that I have is actually good

I'm no don't bother and send me a new

version right but if I say it for

example let's change this to something

else right that means let's say this is

a copy that is an oldy tag right and the

version of the server actually changed

right when I hit that the server will

actually says now you your attack is bad

and use this now and it's gonna send me

just the normal 200 okay all right so

what's the advantages and disadvantage

of this so if you implement etag and

most browsers just implement it for you

by default you don't have to worry about

it some browsers just naturally if it's

a get request eat eggs are unsupported

for doesn't make any sense with post

requests if you think of all right it's

just get right and yeah what do what do

you get and in return is basically lower

network latency because you don't send

this big responses back of the server so

that's a good thing right and then

another thing is just the client will be

more efficient in this case because it

doesn't have to re parse that content

from the server end and restore it and

maybe a recheck it and implement all the

validation that has to do locally so

yeah e tags are are very very good in

this case right so that the bad thing

about this is a really bad request if it

did hit that cache and the server side

that a tag is matched right then if it's

a static file we don't really worry

about much about it right because it's

just yeah it's a literally a hash of the

static counter right so we'll just

reserve however if you implement a

specific

hashing algorithm that you have to hit

the database to fetch the content to

actually hash it then you then you you

need to start to worry about it as a

back-end engineers and maybe implement

some caching algorithm and some caching

and validation another cons I guess a

problem and especially if you have a

load balancer in front of these puppies

right if you have a lot of bands in

front of these puppies and then eat eat

tag generation between servers can

actually be different because the load

balancer you might hit a load balancer

that has server one and that server one

generates the e-tag right but then if

you if the client comes back with the

e-tag and the resource didn't change but

the load balancer brought the attacks to

another server and the server has the

completely different caching not cashing

regenerate hash the regeneration or eat

egg regeneration algorithm for that

resource

despite the resore didn't change right

you you will take the head to actually

deliver the full resource back to the

counter when I say resource HTML pages

and all that jazz right so yeah even

different versions of the web server can

matter here so make sure that versions

are identical some versions some

implementation the server I know it's

patchy is like it uses the IP address

which is a bad idea

to kind of to kind of solve things

together with the IP address is just

like narrow don't do that because your

IP address will be definitely different

the server's IP address will be

different so yeah that's all that's what

I can think of guys what do you what

else did I miss guys let me know in the

comment section below do you use the

tags at all if not let me know in the

comment section below I am going to see

you in the next one you guys stay

awesome

good bye