Rev 36510 |
Last modification |
Compare with Previous |
View Log
| RSS feed
Last modification
- Rev 36819 2026-06-10 15:33:58
- Author: amit
- Log message:
- Fix idempotency dedup to be server-authoritative (content + partner scoped)
PostInterceptor now keys duplicates on sha256(fofoId|method|uri|bodyHash) for
mutating methods only, instead of the client-supplied IdempotencyKey header.
The header was rotated per-request by the frontend (and old/sticky clients),
so identical submissions produced distinct keys and were never deduped - e.g.
a create-offer burst created 147 duplicate rows. Keying on the request body
makes dedup independent of client behaviour; partner scoping prevents cross-
partner collisions; distinct payloads (one-offer-per-partner) are unaffected.
GET/HEAD are now never deduped (removes spurious GET 400s).
common.js: attach IdempotencyKey only to mutating methods; stop rotating the
key on every ajaxComplete (kept reset on ajaxSuccess only). version 355.