If-Overwritten-Version header not enforced when accessed via TinyNode #230
Description
Summary
The If-Overwritten-Version header for optimistic locking is documented in the RERUM API but does not appear to be enforced when /overwrite requests come through TinyNode (tiny.rerum.io).
Background
According to the RERUM API documentation and the server code in controllers/overwrite.js, the If-Overwritten-Version header should be checked against __rerum.isOverwritten to detect concurrent edit conflicts.
The server code shows this logic:
const expectedVersion = req.get('If-Overwritten-Version') ?? req.body.__rerum?.isOverwritten
const currentVersionTS = originalObject.__rerum?.isOverwritten ?? ""
if (expectedVersion !== undefined && expectedVersion !== currentVersionTS) {
// Should return 409 Conflict
}The Problem
When accessing RERUM through TinyNode (tiny.rerum.io/overwrite), the If-Overwritten-Version header is sent correctly but the version check is not enforced - requests succeed even with version mismatches.
Steps to Reproduce
- Load an object via
store.rerum.io/v1/id/{id}- note__rerum.isOverwritten(e.g.,2025-11-30T20:31:57.853) - Send
/overwritetotiny.rerum.io- this updatesisOverwrittento new value - Send another
/overwritetotiny.rerum.iowith headerIf-Overwritten-Version: 2025-11-30T20:31:57.853(old value) - Expected: 409 Conflict
- Actual: 200 OK, silent overwrite
Questions
- Does TinyNode pass through the
If-Overwritten-Versionheader to RERUM? - Is the optimistic locking check implemented in TinyNode or expected to be handled by RERUM?
- Is there a configuration needed to enable this feature?
Related
- TinyNode issue: If-Overwritten-Version header not enforced on /overwrite endpoint TinyNode#106
- RERUM API docs: https://store.rerum.io/v1/API.html#overwrite