Incorrect "If-Match" header can lead to data loss

[lbuchs]

Outlook CalDav Synchronizer does not send the correct "If-Match" Header with a PUT request when modify a entry.

Steps to reproduce:

1. Load a Event from server, server responses with ETag "11111".
2. Edit the event on the server side. the new ETag on the server is "22222".
3. Edit the event in outlook, then sync.

Now the CalDav Synchronizer does:

1.) A REPORT request to the calendar:

<?xml version="1.0"?>
<C:calendar-query xmlns:C="urn:ietf:params:xml:ns:caldav">
    <D:prop xmlns:D="DAV:">
        <D:getetag/>
    </D:prop>
    <C:filter>
        <C:comp-filter name="VCALENDAR">
            <C:comp-filter name="VEVENT">
                <C:time-range start="20241117T000000Z" end="20260117T000000Z"/>
            </C:comp-filter>
        </C:comp-filter>
    </C:filter>
</C:calendar-query>

2.) The server responses with the e-tag <d:getetag>"22222"</d:getetag>

3.) CalDav Synchronizer does a REPORT to get the new event data,

<?xml version="1.0"?>
<C:calendar-multiget xmlns:C="urn:ietf:params:xml:ns:caldav" xmlns:D="DAV:">
    <D:prop>
        <D:getetag/>
        <D:displayname/>
        <C:calendar-data/>
    </D:prop>
    <D:href>/address/to/my/card.ics</D:href>
</C:calendar-multiget>

4.) CalDav Synchronizer does a PUT request to send the modified card (which is based on ETag "1111") to the Server. But in the header it uses the ETag fetched before: If-Match: "22222"

PUT /address/to/my/card.ics
If-Match: "22222"

BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//ddaysoftware.com//NONSGML DDay.iCal 1.0//EN
BEGIN:VTIMEZONE
[... more ...]

5.) The Server should respond with 412 Precondition Failed because because the provided card is based on ETag "11111" , but it gets overwritten with the changes of ETag "22222" lost.

possible solution

When syncing, PUT requests should be made before fetching new data from the server.