Skip to content
Merged
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
30 changes: 21 additions & 9 deletions Sources/core/Managers/NetworkManager.swift
Original file line number Diff line number Diff line change
Expand Up @@ -12,18 +12,30 @@ public final class NetworkManager {

private init() {}

/// Session that never serves cached responses. Bootstrap data must reflect ORIGIN
/// truth on every run: management.json drives the per-item hash check, so a stale
/// manifest (from the local URL cache or a CDN edge that hasn't purged yet) makes a
/// changed file — e.g. ProvisioningWatcher.sh — compare against a stale expected hash,
/// get judged "already valid", and never re-download. Disabling the URL cache and
/// ignoring local + remote caches makes the hash diff always self-heal.
private static let noCacheSession: URLSession = {
let config = URLSessionConfiguration.default
config.urlCache = nil
config.requestCachePolicy = .reloadIgnoringLocalAndRemoteCacheData
return URLSession(configuration: config)
}()

public func downloadData(
from url: URL,
followRedirects: Bool,
authHeader: String?,
completion: @escaping @Sendable (Data?, Error?) -> Void
) {
var request = URLRequest(url: url)
var request = URLRequest(url: url, cachePolicy: .reloadIgnoringLocalAndRemoteCacheData)
Comment on lines 28 to +34
if let header = authHeader {
request.addValue(header, forHTTPHeaderField: "Authorization")
}
let session = URLSession(configuration: .default)
session.dataTask(with: request) { data, _, error in
Self.noCacheSession.dataTask(with: request) { data, _, error in
completion(data, error)
}.resume()
}
Expand All @@ -39,16 +51,16 @@ public final class NetworkManager {
completion(.failure(DownloadError.invalidURL))
return
}
var request = URLRequest(url: url)
var request = URLRequest(url: url, cachePolicy: .reloadIgnoringLocalAndRemoteCacheData)
if let header = authHeader ?? authorizationHeader {
request.addValue(header, forHTTPHeaderField: "Authorization")
}

let session = URLSession(configuration: .default)

// Use dataTask instead of downloadTask to avoid system temp directory
// which is read-only during Setup Assistant
let task = session.dataTask(with: request) { data, _, error in
// Use dataTask instead of downloadTask to avoid the system temp directory,
// which is read-only during Setup Assistant. Route through the shared
// no-cache session so manifest and artifact bytes always reflect origin
// truth (a stale cached payload would defeat the per-item hash check).
let task = Self.noCacheSession.dataTask(with: request) { data, _, error in
if let error = error {
completion(.failure(error))
return
Expand Down
Loading