action #164418
Updated by nicksinger 3 days ago
## Motivation
In #162038 we realized that the message "timestamp mismatch - check whether clocks on the local host and the web UI host are in sync" can actually happen not only when clocks on hosts differ (or replay attacks) but also when the webUI is completely stalled for multiple minutes, e.g. due to fstrim, see #163592 . We should distinguish those two cases and at least try to distinguish in the error messages.
## Suggestions
* Inn https://gitlab.suse.de/openqa/salt-states-openqa/-/merge_requests/1228 you can see how to add headers to an incoming request before it gets passed to openQA
* Introduce a new header containing a timestamp - do **NOT** use the `X-Build-Tx-Time`(!!)
* In case of errors compare the generated hmac timestamp - the diff shows how long a request had to be hold back before our application could actually act on it
* Extend or replace the reason (variable most likely?) with the gained information