fix: quote ETags per RFC 7232 in all backend implementations (#1307)

Agent-Logs-Url: https://github.com/Squidex/squidex/sessions/e06e5e02-4c13-427f-84a3-09a0531531cd

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: SebastianStehle <1236435+SebastianStehle@users.noreply.github.com>

backend/src/Squidex.Web/CommandMiddlewares/ETagCommandMiddleware.cs

@@ -54,6 +54,6 @@ public class ETagCommandMiddleware(IHttpContextAccessor httpContextAccessor) : I
 
     private static void SetResponsEtag(HttpContext httpContext, long version)
     {
-        httpContext.Response.Headers[HeaderNames.ETag] = version.ToString(CultureInfo.InvariantCulture);
+        httpContext.Response.Headers[HeaderNames.ETag] = $"\"{version.ToString(CultureInfo.InvariantCulture)}\"";
     }
 }

backend/src/Squidex.Web/ETagExtensions.cs

@@ -48,13 +48,13 @@ public static class ETagExtensions
                 hasher.AppendLong(item.Version);
             }
 
-            return hasher.GetHexStringAndReset();
+            return hasher.GetQuotedHexStringAndReset();
         }
     }
 
     public static string ToEtag<T>(this T entity) where T : Entity
     {
-        return entity.Version.ToString(CultureInfo.InvariantCulture);
+        return $"\"{entity.Version.ToString(CultureInfo.InvariantCulture)}\"";
     }
 
     public static bool TryParseEtagVersion(this HttpContext httpContext, string header, out long version)

backend/src/Squidex/Areas/Api/Controllers/Apps/AppImageController.cs

@@ -47,7 +47,7 @@ public sealed class AppImageController(
 
         var etag = App.Image.Etag;
 
-        Response.Headers[HeaderNames.ETag] = etag;
+        Response.Headers[HeaderNames.ETag] = $"\"{etag}\"";
 
         var callback = new FileCallback(async (body, range, ct) =>
         {

backend/src/Squidex/Areas/Api/Controllers/Assets/AssetContentController.cs

@@ -119,7 +119,7 @@ public sealed class AssetContentController(
             return NotFound();
         }
 
-        Response.Headers[HeaderNames.ETag] = asset.FileVersion.ToString(CultureInfo.InvariantCulture);
+        Response.Headers[HeaderNames.ETag] = $"\"{asset.FileVersion.ToString(CultureInfo.InvariantCulture)}\"";
 
         if (request.CacheDuration > 0)
         {

backend/tests/Squidex.Web.Tests/CommandMiddlewares/ETagCommandMiddlewareTests.cs

@@ -75,7 +75,7 @@ public class ETagCommandMiddlewareTests : GivenContext
 
         await HandleAsync(new CreateContent(), actual);
 
-        Assert.Equal(new StringValues("17"), httpContextAccessor.HttpContext!.Response.Headers[HeaderNames.ETag]);
+        Assert.Equal(new StringValues("\"17\""), httpContextAccessor.HttpContext!.Response.Headers[HeaderNames.ETag]);
     }
 
     [Fact]
@@ -85,7 +85,7 @@ public class ETagCommandMiddlewareTests : GivenContext
 
         await HandleAsync(new CreateContent(), actual);
 
-        Assert.Equal(new StringValues("17"), httpContextAccessor.HttpContext!.Response.Headers[HeaderNames.ETag]);
+        Assert.Equal(new StringValues("\"17\""), httpContextAccessor.HttpContext!.Response.Headers[HeaderNames.ETag]);
     }
 
     private async Task<CommandContext> HandleAsync(ICommand command, object actual)