This blog is part of our Rails 5 series.

ETag, short for entity tag, is a part of HTTP header and is used for web cache validation. ETag is a digest of the resource that uniquely identifies specific version of the resource. This helps browser and web servers determine if resource in the browser’s cache is exactly same as the resource on the server.

ETag supports strong and weak validation of the resource.

Strong ETag indicates that resource content is same for response body and the response headers.

Weak ETag indicates that the two representations are semantically equivalent. It compares only the response body.

Weak ETags are prefixed with W\ and thus one can easily distinguish between Weak ETags and Strong ETags.

"543b39c23d8d34c232b457297d38ad99" – Strong ETag W/"543b39c23d8d34c232b457297d38ad99" – Weak ETag

W3 has an example page to illustrate how ETag matching works.

When server receives a request, it returns an ETag header as part of HTTP response. This ETag represents state of the resource. For the subsequent HTTP requests, client sends this ETag via If-None-Match header to identify if the resource is changed or not. The server will compare the current ETag and the one sent by the client. If ETag matches, server responds with 304 Not modified . This means resource content in the client’s cache is up-to-date. If resource is changed, server will send updated resource along with the new ETag.

Let’s see it in action.

Rails 4.x generates strong ETags by default i.e without W/ prefix.

class ItemsController < ApplicationController def show @item = Item . find ( params [ :id ]) fresh_when @item end end

We are making first request to the server.

$ curl -i http://localhost:3000/items/1 HTTP/1.1 200 OK X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Etag: "618bbc92e2d35ea1945008b42799b0e7" Last-Modified: Sat, 30 Jan 2016 08:02:12 GMT Content-Type: text/html; charset=utf-8 Cache-Control: max-age=0, private, must-revalidate X-Request-Id: 98359119-14ae-4e4e-8174-708abbc3fd4b X-Runtime: 0.412232 Server: WEBrick/1.3.1 (Ruby/2.2.2/2015-04-13) Date: Fri, 04 Mar 2016 10:50:38 GMT Content-Length: 1014 Connection: Keep-Alive

For the next request, we will send ETag that was sent by the sever. And notice that server returns 304 Not Modified .

$ curl -i -H 'If-None-Match: "618bbc92e2d35ea1945008b42799b0e7"' http://localhost:3000/items/1 HTTP/1.1 304 Not Modified X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Etag: "618bbc92e2d35ea1945008b42799b0e7" Last-Modified: Sat, 30 Jan 2016 08:02:12 GMT Cache-Control: max-age=0, private, must-revalidate X-Request-Id: e4447f82-b96c-4482-a5ff-4f5003910c18 X-Runtime: 0.012878 Server: WEBrick/1.3.1 (Ruby/2.2.2/2015-04-13) Date: Fri, 04 Mar 2016 10:51:22 GMT Connection: Keep-Alive

In Rails 5, all ETags generated by Rails will be weak by default.

$ curl -i http://localhost:3000/items/1 HTTP/1.1 200 OK X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Etag: W/"b749c4dd1b20885128f9d9a1a8ba70b6" Last-Modified: Sat, 05 Mar 2016 00:00:00 GMT Content-Type: text/html; charset=utf-8 Cache-Control: max-age=0, private, must-revalidate X-Request-Id: a24b986c-74f0-4e23-9b1d-0b52cb3ef906 X-Runtime: 0.038372 Server: WEBrick/1.3.1 (Ruby/2.2.3/2015-08-18) Date: Fri, 04 Mar 2016 10:48:35 GMT Content-Length: 1906 Connection: Keep-Alive

Now for the second request, server will return 304 Not Modified response as before, but the ETag is weak ETag.

$ curl -i -H 'If-None-Match: W/"b749c4dd1b20885128f9d9a1a8ba70b6"' http://localhost:3000/items/1 HTTP/1.1 304 Not Modified X-Frame-Options: SAMEORIGIN X-Xss-Protection: 1; mode=block X-Content-Type-Options: nosniff Etag: W/"b749c4dd1b20885128f9d9a1a8ba70b6" Last-Modified: Sat, 05 Mar 2016 00:00:00 GMT Cache-Control: max-age=0, private, must-revalidate X-Request-Id: 7fc8a8b9-c7ff-4600-bf9b-c847201973cc X-Runtime: 0.005469 Server: WEBrick/1.3.1 (Ruby/2.2.3/2015-08-18) Date: Fri, 04 Mar 2016 10:49:27 GMT Connection: Keep-Alive

Why this change?

Rails does not perform strong validation of ETags as implied by strong ETags spec. Rails just checks whether the incoming ETag from the request headers matches with the ETag of the generated response. It does not do byte by byte comparison of the response.

This was true even before Rails 5. So this change is more of a course correction. Rack also generates weak ETags by default because of similar reasons.

Mark Notthingham is chair of HTTP Working Group and he has written about etags which has some useful links to other ETag resources.

If we want to bypass default Rails 5 behavior to use strong ETags then we can do by following way.

class ItemsController < ApplicationController def show @item = Item . find ( params [ :id ]) fresh_when strong_etag: @item end end