We Keep Coding

Google Cloud CDN serves stale content AFTER revalidation

I am attempting to use Google Cloud CDN with the stale-while-revalidate feature (Google Docs). However, even though I can see asynchronous revalidation requests being made to my backend server, the new content is never served by the CDN.
Here is an example of the response headers from the CDN:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Age: 5202
Cache-Control: max-age=60, public, stale-while-revalidate=86400
Content-Length: 90
Content-Type: application/json
Date: Tue, 08 Feb 2022 16:39:09 GMT
Server: Development/1.0
Via: 1.1 google
You can see that the age is 5205 seconds even though the max-age is 60 sec.
If it has been more than 60 seconds since the last revalidation request, I will see the revalidation request in my server logs, but the content served from the CDN continues to be outdated on future requests.
Here is an example of the response headers directly from my backend server:
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Cache-Control: max-age=60, public, stale-while-revalidate=86400
Content-Length: 645
Content-Type: application/json
Date: Tue, 08 Feb 2022 18:09:39 GMT
Server: Development/1.0
And here is the Google Cloud Logging entry for the revalidation request. I believe it is showing that it received a 200 response as well:
{
"insertId": "1sxvbdng2vrqnhl",
"jsonPayload": {
"parentInsertId": "1sxvbdng2vrqng7",
"#type": "type.googleapis.com/google.cloud.loadbalancing.type.LoadBalancerLogEntry",
"statusDetails": "response_sent_by_backend",
"cacheId": "LAX-ba56a406"
},
"httpRequest": {
"requestMethod": "GET",
"requestUrl": "***masked request url***",
"requestSize": "1888",
"status": 200,
"responseSize": "1259",
"userAgent": "Cloud-CDN-Google (GFE/2.0)",
"remoteIp": "***masked request ip***",
"cacheLookup": true,
"cacheFillBytes": "1259",
"serverIp": "***masked request ip***",
"latency": "0.082249s"
},
"resource": {
"type": "http_load_balancer",
"labels": {
"backend_service_name": "test-be-service",
"target_proxy_name": "test-lb-target-proxy",
"project_id": "cdn-test-2-340220",
"zone": "global",
"url_map_name": "test-lb",
"forwarding_rule_name": "test-lb-forwarding-rule"
}
},
"timestamp": "2022-02-08T19:36:48.094836Z",
"severity": "INFO",
"logName": "projects/cdn-test-2-340220/logs/requests",
"trace": "projects/cdn-test-2-340220/traces/f6a372e62f789d61c3654e50111ffcb9",
"receiveTimestamp": "2022-02-08T19:36:48.360094896Z",
"spanId": "d20eb70cb8d7dff4"
}
This behavior is the same whether I activate stale-while-revalidate via the Cache-Control response header or the Cloud CDN configuration interface.
Either I am not understanding how this is supposed to work, or this is a bug in Google Cloud CDN. Any help resolving this would be greatly appreciated.

Google Drive Doc Fill/AppScripts

I've been working with the Google Drive API in my Java application. The goal is to have a framework for our internal AppEngine project to fill out various templates in our organization's Team Drives.
I have setup a Service Account with domain-wide permissions and have gone through the "Executing Functions using the Apps Script API" documents. I can use the Java v3 library to update a sheet to get some number information, copy the template to a new file in the Team Drive. I've written a simple AppScript function to take in the Docs File Id and a JSON string representing the token/value pairs to substitute.
Everything goes great until it's time to execute the script when I get:
{
"code" : 400,
"errors" : [ {
"domain" : "global",
"message" : "Request contains an invalid argument.",
"reason" : "badRequest"
} ],
"message" : "Request contains an invalid argument.",
"status" : "INVALID_ARGUMENT"
}
Not sure how to debug or change this error, as I don't really get any additional info. I do see the request being made in the AppScript API and project console, but don't know how to get more information.
My code to execute is as follows:
List<Object> params = Lists.newArrayList();
params.add( fileId );
params.add( json );
ExecutionRequest request = new ExecutionRequest().setFunction( "main2" )
.setParameters( params );
script().scripts().run( TEMPLATE_FILLER_SCRIPT_ID, request ).execute();
After enabling the logging to I was able to pull the entire web request. It all looks ~fine but maybe there's more here:
CONFIG: {"function":"main2","parameters":["15gXG9frqV0VrF57BjDqOe0pCHPWxVJ1ucV0Fl3zR0J4","{\"num\":\"035\",\"digital_key\":\"https://docs.google.com/document/d/15gXG9frqV0VrF57BjDqOe0pCHPWxVJ1ucV0Fl3zR0J4\",\"Title\":\"Build Control for Image Enhancement\",\"Author\":\"Evan Ruff\",\"Date\":\"05/11/18\"}"]}
May 11, 2018 4:59:41 PM com.google.api.client.http.HttpRequest execute
CONFIG: -------------- REQUEST --------------
POST https://script.googleapis.com/v1/scripts/1T7HAaK2yJ2qUf3sOAz3ZGSPRql73-DGCe79-dLgCyqbnh_LbIn5KgQ4r:run
Accept-Encoding: gzip
Authorization: Bearer *******MY TOKEN *********
User-Agent: Memo Builder/1.0 Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)
Content-Type: application/json; charset=UTF-8
Content-Encoding: gzip
Content-Length: 230
May 11, 2018 4:59:41 PM com.google.api.client.http.HttpRequest execute
CONFIG: curl -v --compressed -X POST -H 'Accept-Encoding: gzip' -H 'Authorization: Bearer ya29.c.EmW4BdRkBR2JFBoDaAw_FG8DFbNCHYoe4E3jBs9HyowMAPqM2SnNky4ffRdh0zxG2nc4ylcIlr9yUHJ-ibOJuXdJhakgTmEyC7R4xn8cdKEif7mSeaeRGV9XwYI4W3AkoRAz-sCWmw' -H 'User-Agent: Micro C-Memo Builder/1.0 Google-API-Java-Client Google-HTTP-Java-Client/1.23.0 (gzip)' -H 'Content-Type: application/json; charset=UTF-8' -H 'Content-Encoding: gzip' -d '#-' -- 'https://script.googleapis.com/v1/scripts/1T7HAaK2yJ2qUf3sOAz3ZGSPRql73-DGCe79-dLgCyqbnh_LbIn5KgQ4r:run' << $$$
May 11, 2018 4:59:41 PM com.google.api.client.util.LoggingByteArrayOutputStream close
CONFIG: Total: 299 bytes
May 11, 2018 4:59:41 PM com.google.api.client.util.LoggingByteArrayOutputStream close
CONFIG: {"function":"main2","parameters":["15gXG9frqV0VrF57BjDqOe0pCHPWxVJ1ucV0Fl3zR0J4","{\"num\":\"035\",\"digital_key\":\"https://docs.google.com/document/d/15gXG9frqV0VrF57BjDqOe0pCHPWxVJ1ucV0Fl3zR0J4\",\"Title\":\"Build Control for Image Enhancement\",\"Author\":\"Evan Ruff\",\"Date\":\"05/11/18\"}"]}
May 11, 2018 4:59:41 PM com.google.api.client.http.HttpResponse <init>
CONFIG: -------------- RESPONSE --------------
HTTP/1.1 400 Bad Request
Transfer-Encoding: chunked
X-Frame-Options: SAMEORIGIN
Alt-Svc: hq=":443"; ma=2592000; quic=51303433; quic=51303432; quic=51303431; quic=51303339; quic=51303335,quic=":443"; ma=2592000; v="43,42,41,39,35"
Cache-Control: private
Server: ESF
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Vary: Referer
Vary: X-Origin
Vary: Origin
X-XSS-Protection: 1; mode=block
Date: Fri, 11 May 2018 20:59:41 GMT
Content-Type: application/json; charset=UTF-8
This seems simple enough but I'm really struggling. Any tips would be appreciated!

In case someone comes across this, Google released a Java Docs API soon after I actually got this working. The Docs API is a much nicer solution.

Google Drive API call to insert Public Share permissions on Fusiontables causes Internal Error

I have been trying to use the Google Drive API to make a Fusiontable publicly readable, and have not been able to get it to work. I am able to use the OAuth 2.0 Playground to insert public share permissions for other Google Drive documents, but for Fusiontables I get an HTTP 500 error, "Internal Error". Note that I have tried including every scope available under "Drive API v2" and "Fusion Tables API v1".
I'm aware that Google is no longer developing and supporting Fusiontables, but I'm wondering if anyone has found a workaround that allows them to get around this problem? I haven't tried legacy/deprecated versions of the API either.
Here's are the actual API request format and responses from OAuth Playground for a Fusiontable permissions insert (HTTP 500), then a Doc permissions insert (HTTP 200). The only difference between requests is the fusiontable_id or document_id in the Request URI:
Request:
POST /drive/v2/files/<fusiontable_id or document_id>/permissions HTTP/1.1
Host: www.googleapis.com
Content-length: 33
Content-type: application/json
Authorization: Bearer <access_token>
{"role":"reader","type":"anyone"}
Fusiontable Response:
HTTP/1.1 500 Internal Server Error
Content-length: 180
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
Expires: Tue, 04 Nov 2014 23:51:58 GMT
Vary: Origin,Referer,X-Origin
Server: GSE
Cache-control: private, max-age=0
Date: Tue, 04 Nov 2014 23:51:58 GMT
X-frame-options: SAMEORIGIN
Content-type: application/json; charset=UTF-8
{
"error": {
"code": 500,
"message": "Internal Error",
"errors": [
{
"domain": "global",
"message": "Internal Error",
"reason": "internalError"
}
]
}
}
Doc response:
HTTP/1.1 200 OK
Content-length: 281
X-xss-protection: 1; mode=block
X-content-type-options: nosniff
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Vary: Origin,Referer,X-Origin
Server: GSE
Etag: "M4l5RvCt2StP2jOGfgyJPGdTZTc/dgFZz37LrQjIXplUkmnh3VtemzQ"
Pragma: no-cache
Cache-control: no-cache, no-store, max-age=0, must-revalidate
Date: Wed, 05 Nov 2014 15:35:56 GMT
X-frame-options: SAMEORIGIN
Content-type: application/json; charset=UTF-8
{
"kind": "drive#permission",
"etag": "\"M4l5RvCt2StP2jOGfgyJPGdTZTc/dgFZz37LrQjIXplUkmnh3VtemzQ\"",
"role": "reader",
"type": "anyone",
"id": "anyone",
"selfLink": "https://www.googleapis.com/drive/v2/files/<document_id>/permissions/anyone"
}

This appears to be due to a bug in the Drive API. I've located the internal error and have raised the issue with the engineering team. At this time there are no known workarounds.

I have a good news!
I've received an email from googletables-feedback. They says that it should be working now.
My code on Google Client JS API works fine
var setAccess = function setAccessF() {
gapi.client.request({
path : '/drive/v2/files/{fileID}/permissions',
method : 'post',
body : {
'value' : 'anyone',
'type' : 'anyone',
'role' : 'reader'
}
}).then(opt_onFulfilled, opt_onRejected);
}
function opt_onRejected(e) {
console.log(e)
}
function opt_onFulfilled(e) {
console.log(e)
}

If you'd be OK with a temporary workaround, inserting Fusion Table public share permission still works with older XML-based GData API. You can check it out here, though beware of the red banner at the top of the page saying 'The deprecation period for Version 3 of the Google Documents List API is nearly at an end. On April 20, 2015, we will discontinue service for this API.'
So if you need to workaround the problem now, that would keep you going till April and then let's hope the Drive API bug gets fixed before that...

Personally, the document I was attempting to add the permissions to had become invalid. This might also be an issue for someone else.

500 error during list request

Started getting 500 error when trying to execute gapi.client.drive.files.list, even using the API exprorer.
Authorization works fine.
request:
GET https://www.googleapis.com/drive/v2/files?key={YOUR_API_KEY}
Authorization: Bearer ZZZZZZZZZZZZZ
X-JavaScript-User-Agent: Google APIs Explorer
response:
500 Internal Server Error
cache-control: private, max-age=0
content-encoding: gzip
content-length: 66
content-type: application/json; charset=UTF-8
date: Thu, 28 Mar 2013 01:24:28 GMT
expires: Thu, 28 Mar 2013 01:24:28 GMT
server: GSE
{
"error": {
"code": 500,
"message": null
}
}
It was working yesterday.
Update
Apparently it works if I limit the result set to 19 (no query string) or 13 (q: 'root' in parents)
I guess Google developers introduced some kind of limit yesterday?
Or may be I have an invalid file entry which started chrashing the google server?
How can I investigate?
Thanks!

Googleapi searching drive by title always returns 0 items

I'm using google api dot net client, and i'm a bit confused.
Following code returns me the entire list of a specific folder (with an Id: XXXXXXXXXXXXXXXXXXXXX).
List<File> result = new List<File>();
FilesResource.ListRequest request = service.Files.List();
request.Q = "'XXXXXXXXXXXXXXXXXXXXX' in parents";
request.MaxResults = 35;
FileList files = request.Fetch();
As example one item of this FileList is
"id": "0B5XhOfl0NZ2cZ1M1aVBPcVlTUTA",
"title": "87BC1CAE-A01C-43A1-BB21-BE3DA6D6C7DC"
If i change the query, searching for a title, i receive always an empty FileList.
List<File> result = new List<File>();
FilesResource.ListRequest request = service.Files.List();
request.Q = "title = '87BC1CAE-A01C-43A1-BB21-BE3DA6D6C7DC'";
request.MaxResults = 35;
FileList files = request.Fetch();
It does'nt matter, if the operator is '=' or 'contains', or by searching only a part of the directory name:
title contains '87BC1CAE'
I receive correct results only by searching for IDs.
Following code works flawless:
File file = service.Files.Get(fileId).Fetch();
Console.WriteLine("Title: " + file.Title);
Console.WriteLine("Description: " + file.Description);
Console.WriteLine("MIME type: " + file.MimeType);
Help please :)
#AliAfshar
Raw HTTP responses:
1st case (title = '87BC1CAE-A01C-43A1-BB21-BE3DA6D6C7DC')
request.Fetch()
TestGoogleApi.vshost.exe Information: 0 : DotNetOpenAuth, Version=4.0.0.11165, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
TestGoogleApi.vshost.exe Information: 0 : Preparing to send AssertionFlowMessage (2.0) message.
TestGoogleApi.vshost.exe Information: 0 : Sending AssertionFlowMessage request.
TestGoogleApi.vshost.exe Information: 0 : HTTP POST https://accounts.google.com/o/oauth2/token
TestGoogleApi.vshost.exe Information: 0 : The following required parameters were missing from the DotNetOpenAuth.OAuth2.Messages.AccessTokenFailedResponse message: {error,}
TestGoogleApi.vshost.exe Information: 0 : Received UnauthorizedResponse response.
{Google.Apis.Drive.v2.Data.FileList}
_etag: "\"Q0cVodxX8sh4vfxZTlOyWcmmc0k/vyGp6PvFo4RvsFtPoIWeCReyIC8\""
_items: Count = 0
_kind: null
_nextLink: null
_nextPageToken: null
_selfLink: null
ETag: "\"Q0cVodxX8sh4vfxZTlOyWcmmc0k/vyGp6PvFo4RvsFtPoIWeCReyIC8\""
Items: Count = 0
Kind: null
NextLink: null
NextPageToken: null
SelfLink: null
2nd case ('XXXXXXXXXXXXXXXXXXXXXX' in parents )
request.Fetch()
TestGoogleApi.vshost.exe Information: 0 : DotNetOpenAuth, Version=4.0.0.11165, Culture=neutral, PublicKeyToken=2780ccd10d57b246 (official)
TestGoogleApi.vshost.exe Information: 0 : Preparing to send AssertionFlowMessage (2.0) message.
TestGoogleApi.vshost.exe Information: 0 : Sending AssertionFlowMessage request.
TestGoogleApi.vshost.exe Information: 0 : HTTP POST https://accounts.google.com/o/oauth2/token
TestGoogleApi.vshost.exe Information: 0 : The following required parameters were missing from the DotNetOpenAuth.OAuth2.Messages.AccessTokenFailedResponse message: {error,}
TestGoogleApi.vshost.exe Information: 0 : Received UnauthorizedResponse response.
{Google.Apis.Drive.v2.Data.FileList}
_etag: "\"Q0cVodxX8sh4vfxZTlOyWcmmc0k/Jyx7utsp71-_JwU5RHnI_VZmL5o\""
_items: Count = 1575
_kind: null
_nextLink: null
_nextPageToken: null
_selfLink: null
ETag: "\"Q0cVodxX8sh4vfxZTlOyWcmmc0k/Jyx7utsp71-_JwU5RHnI_VZmL5o\""
Items: Count = 1575
Kind: null
NextLink: null
NextPageToken: null
SelfLink: null
Updated on 2013 Feb 02
Ok excuse me for delay.
i used fiddler and here is captured result:
first request:
POST https://accounts.google.com/o/oauth2/token HTTP/1.1
Content-Type: application/x-www-form-urlencoded; charset=utf-8
User-Agent: DotNetOpenAuth/4.0.0.11165
Host: accounts.google.com
Cache-Control: no-store,no-cache
Pragma: no-cache
Content-Length: 603
Connection: Keep-Alive
grant_type=assertion&assertion_type=http%3A%2F%2Foauth.net%2Fgrant_type%2Fjwt%2F1.0%2Fbearer&assertion=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiI0MjYwNjE5OTE1NzktYXEzMHBhcmVsYmpsb3BrMjlqcXFvdjhsdWhic2o3YjdAZGV2ZWxvcGVyLmdzZXJ2aWNlYWNjb3VudC5jb20iLCJzY29wZSI6Imh0dHBzOi8vd3d3Lmdvb2dsZWFwaXMuY29tL2F1dGgvZHJpdmUiLCJhdWQiOiJodHRwczovL2FjY291bnRzLmdvb2dsZS5jb20vby9vYXV0aDIvdG9rZW4iLCJleHAiOjEzNjAwNjA0NDMsImlhdCI6MTM2MDA1Njg0M30.dk7Vdu-................-LIw0sFrVko-VWL7-elhz59VQcU_.........
first answer:
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Tue, 05 Feb 2013 09:34:03 GMT
Content-Type: application/json
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 128
{
"access_token" : "ya29.AHES6ZS-...........-a8HRHfMZ-NxXekx",
"token_type" : "Bearer",
"expires_in" : 3600
}
second request:
GET https://www.googleapis.com/drive/v2/files?alt=json&fields=items(id%2Ctitle)%2CnextPageToken&prettyPrint=true&maxResults=2000&q=title%20%3D%20'87BC1CAE-A01C-43A1-BB21-BE3DA6D6C7DC' HTTP/1.1
Authorization: Bearer ya29.AHES6ZS-...........-a8HRHfMZ-NxXekx
Content-Type: application/json; charset=utf-8
User-Agent: TestGoogleApi google-api-dotnet-client/ Win32NT/6.1.7600.0 (gzip)
Host: www.googleapis.com
Accept-Encoding: gzip, deflate
second answer:
HTTP/1.1 200 OK
Expires: Tue, 05 Feb 2013 09:34:04 GMT
Date: Tue, 05 Feb 2013 09:34:04 GMT
Cache-Control: private, max-age=0, must-revalidate, no-transform
ETag: "Q0cVodxX8sh4vfxZTlOyWcmmc0k/vyGp6PvFo4RvsFtPoIWeCReyIC8"
Content-Type: application/json; charset=UTF-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 17
Server: GSE
{
"items": []
}
as you see items count is 0.
If i make the same request via web interface
https://developers.google.com/drive/v2/reference/files/list it gives me 2 items, as it should be.
This is made with https://developers.google.com/oauthplayground/
GET /drive/v2/files?alt=json&fields=items(id%2Ctitle)%2CnextPageToken&prettyPrint=true&maxResults=2000&q=title%20%3D%20'87BC1CAE-A01C-43A1-BB21-BE3DA6D6C7DC' HTTP/1.1
Host: www.googleapis.com
Content-length: 0
Authorization: OAuth ya29.AHES6ZSDr7bDFMQxjR........ObzyEhkzQmN
HTTP/1.1 200 OK
Content-length: 220
Via: HTTP/1.1 GWA
Content-location: https://www.googleapis.com/drive/v2/files?alt=json&fields=items(id%2Ctitle)%2CnextPageToken&prettyPrint=true&maxResults=2000&q=title%20%3D%20'87BC1CAE-A01C-43A1-BB21-BE3DA6D6C7DC'
X-content-type-options: nosniff
Etag: "Q0cVodxX8sh4vfxZTlOyWcmmc0k/oUg90Ml6_g3EsaXCogiJOEMkZ-M"
X-google-cache-control: remote-fetch
-content-encoding: gzip
Server: GSE
Reason: OK
X-xss-protection: 1; mode=block
Cache-control: private, max-age=0, must-revalidate, no-transform
Date: Tue, 05 Feb 2013 15:30:09 GMT
X-frame-options: SAMEORIGIN
Content-type: application/json; charset=UTF-8
Expires: Tue, 05 Feb 2013 15:30:09 GMT
{
"items": [
{
"id": "0B5XhOf....VlTUTA",
"title": "87BC1CAE-A01C-43A1-BB21-BE3DA6D6C7DC"
},
{
"id": "0B5XhO....EbGRLVVVReGM",
"title": "87BC1CAE-A01C-43A1-BB21-BE3DA6D6C7DC"
}
]
}
Thank you very much, i really appreciate your help

Looks like the confusion is due to the fact that you are using a service account in your code, but comparing the results with what you see in the web interface.
When using the web interface or the OAuth Playground, you are authorizing the app to use your personal account and not a service account. The service account doesn't have access to the same files you have access to, as it is actually an application-owned account.
If you want to use a service account to access your files, you should perform domain-wide delegation as explained at https://developers.google.com/drive/delegation
This still doesn't explain why some queries return results and others don't, but please try everything again without using service accounts and update the issue if things still don't work as expected.