HTTP-TPC push unable to overwrite destination

[vokac]

dCache/11.2.3 is not able to overwrite existing destination with HTTP-TPC push

export DST=https://atlasdcache-kit.gridka.de:2880/pnfs/gridka.de/atlas/disk-only/atlasdatadisk/SAM/test.exists
export SRC=https://atlasdcache-kit.gridka.de:2880/pnfs/gridka.de/atlas/disk-only/atlasdatadisk/SAM/test.tpc
curl -v --capath /etc/grid-security/certificates -L -X COPY -H 'RequireChecksumVerification: false' -H 'Credential: none' -H "Authorization: Bearer $TSRC" -H "TransferHeaderAuthorization: Bearer $TDST" -H "Destination: $DST" "$SRC"
*   Trying 2a00:139c:8:0:6241:dd:510c:4d7e:2880...
* Connected to atlasdcache-kit.gridka.de (2a00:139c:8:0:6241:dd:510c:4d7e) port 2880 (#0)
...
> COPY /pnfs/gridka.de/atlas/disk-only/atlasdatadisk/SAM/test.tpc HTTP/1.1
> Host: atlasdcache-kit.gridka.de:2880
> User-Agent: curl/7.76.1
> Accept: */*
> RequireChecksumVerification: false
> Credential: none
> Authorization: Bearer SE_OR_JWT_token1
> TransferHeaderAuthorization: Bearer SE_OR_JWT_token2
> Destination: https://atlasdcache-kit.gridka.de:2880/pnfs/gridka.de/atlas/disk-only/atlasdatadisk/SAM/test.exists
...
< HTTP/1.1 202 Accepted
< Date: Fri, 08 May 2026 02:56:46 GMT
< Server: dCache/11.2.3
< Content-Type: text/perf-marker-stream
< Transfer-Encoding: chunked
...
failure: rejected PUT: 409 Conflict

Same result also with explicit Overwrite: T header, also same result for SE-Token and WLCG JWT token (with storage.read & storage.modify scopes).

This is regression with respect to the dCache/10.2.21 where same test works fine. Actually, there is different issue with dCache/10.2.21 which overwrite destination even if HTTP-TPC pull request is called with Ovdrwrite: F header

export SRC=https://se1.farm.particle.cz/atlas/atlasscratchdisk/SAM/test.tpc
export DST=https://se1.farm.particle.cz/atlas/atlasscratchdisk/SAM/test.exists
export TSRC=$(curl --silent --cert /tmp/x509up_u$(id -u) --key /tmp/x509up_u$(id -u) --cacert /tmp/x509up_u$(id -u) --capath /etc/grid-security/certificates -X POST -H 'Content-Type: application/macaroon-request' -d '{"caveats": ["activity:DOWNLOAD"], "validity": "PT30M"}' "$SRC" | jq -r '.macaroon')
export TDST=$(curl --silent --cert /tmp/x509up_u$(id -u) --key /tmp/x509up_u$(id -u) --cacert /tmp/x509up_u$(id -u) --capath /etc/grid-security/certificates -X POST -H 'Content-Type: application/macaroon-request' -d '{"caveats": ["activity:UPLOAD,DELETE,LIST,MANAGE"], "validity": "PT30M"}' "$DST" | jq -r '.macaroon')
curl -v --capath /etc/grid-security/certificates -L -X COPY -H 'Overwrite: T' -H 'RequireChecksumVerification: false' -H 'Credential: none' -H "Authorization: Bearer $TSRC" -H "TransferHeaderAuthorization: Bearer $TDST" -H "Destination: $DST" "$SRC"
curl -v --capath /etc/grid-security/certificates -L -X COPY -H 'Overwrite: F' -H 'RequireChecksumVerification: false' -H 'Credential: none' -H "Authorization: Bearer $TSRC" -H "TransferHeaderAuthorization: Bearer $TDST" -H "Destination: $DST" "$SRC"
...
> COPY /atlas/atlasscratchdisk/SAM/test.tpc HTTP/1.1
> Host: se1.farm.particle.cz
> User-Agent: curl/7.76.1
> Accept: */*
> Overwrite: F
> RequireChecksumVerification: false
> Credential: none
> Authorization: Bearer SE_token1
> TransferHeaderAuthorization: Bearer SE_token2
> Destination: https://se1.farm.particle.cz/atlas/atlasscratchdisk/SAM/test.exists
...
< HTTP/1.1 202 Accepted
< Date: Fri, 08 May 2026 03:05:47 GMT
< Server: dCache/10.2.21
< Content-Type: text/perf-marker-stream
< Transfer-Encoding: chunked
...
success: Created

I would expect HTTP 412 Precondition Failed for COPY with existing destination and Overwrite: F.