>Number: 4377 >Category: mod_expires >Synopsis: mod_expires overwrites any cache_control headers present >Confidential: no >Severity: serious >Priority: medium >Responsible: apache >State: open >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sun May 9 21:50:01 PDT 1999 >Last-Modified: >Originator: [EMAIL PROTECTED] >Organization: apache >Release: 1.3.6 >Environment: SunOS 5.6/SPARC, Linux 2.2.5, both with gcc >Description: If mod_expires is enabled and set to generate a header, it will also generate a Cache-Control: max-age header. If this is done, it's impossible to set any other Cache-Control: response headers via mod_headers, they will be silently overwritten by the max-age header. >How-To-Repeat: 1) build an apache: ./configure --enable-module=expires --enable-module=headers 2) put this into a .htaccess: ExpiresActive ON ExpiresDefault A15 Header append Cache-Control "public" >Fix: mod_expires should append the header, not overwrite it. >Audit-Trail: >Unformatted: [In order for any reply to be added to the PR database, ] [you need to include <[EMAIL PROTECTED]> in the Cc line ] [and leave the subject line UNCHANGED. This is not done] [automatically because of the potential for mail loops. ] [If you do not include this Cc, your reply may be ig- ] [nored unless you are responding to an explicit request ] [from a developer. ] [Reply only with text; DO NOT SEND ATTACHMENTS! ]
