https://bz.apache.org/bugzilla/show_bug.cgi?id=61820

            Bug ID: 61820
           Summary: 304 headers stripped
           Product: Apache httpd-2
           Version: 2.0-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Core
          Assignee: bugs@httpd.apache.org
          Reporter: m...@mnot.net
  Target Milestone: ---

In http_filters:ap_http_header_filter, 304 responses get special treatment, in
that they're sent with only a fixed set of headers (if present):

    if (r->status == HTTP_NOT_MODIFIED) {
        apr_table_do((int (*)(void *, const char *, const char *)) form_header_field,
                     (void *) &h, r->headers_out,
                     "Connection",
                     "Keep-Alive",
                     "ETag",
                     "Content-Location",
                     "Expires",
                     "Cache-Control",
                     "Vary",
                     "Warning",
                     "WWW-Authenticate",
                     "Proxy-Authenticate",
                     "Set-Cookie",
                     "Set-Cookie2",
                     NULL);
    }

<https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?revision=1777672&view=markup#l1414>

This means that any header value that a generator (whether CGI, an upstream
origin via mod_proxy, etc.) updates in a 304 will be lost.

RFC7234 specifies how headers on a 304 are supposed to be handled:
  http://httpwg.org/specs/rfc7234.html#freshening.responses

This has caused interoperability problems in the wild, e.g.:
  https://github.com/hueniverse/hawk/issues/224

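Added example, not part of the bug report and not httpd code: a stand-alone C model of the allowlist quoted above, followed by a simplified RFC 7234 freshening step (a header in the 304 replaces the stored header of the same name). It shows a cache keeping a stale value for a header the filter dropped. The `struct hdr` type, the function names and the `X-Example-Sig` header are assumptions made for illustration.

```c
#include <stdio.h>
#include <strings.h>
struct hdr { const char *name; const char *value; };

/* Header names passed through on a 304, as listed in the excerpt above. */
static const char *const KEPT_ON_304[] = {
    "Connection", "Keep-Alive", "ETag", "Content-Location", "Expires",
    "Cache-Control", "Vary", "Warning", "WWW-Authenticate",
    "Proxy-Authenticate", "Set-Cookie", "Set-Cookie2", NULL
};

/* Copy only allowlisted headers from in[] to out[]; returns the count kept. */
size_t filter_304(const struct hdr *in, size_t n, struct hdr *out) {
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        for (size_t a = 0; KEPT_ON_304[a]; a++)
            if (strcasecmp(in[i].name, KEPT_ON_304[a]) == 0) { out[kept++] = in[i]; break; }
    return kept;
}

/* Simplified freshening: replace stored headers by name; returns updates made. */
size_t freshen(struct hdr *stored, size_t ns, const struct hdr *h304, size_t n304) {
    size_t updated = 0;
    for (size_t i = 0; i < n304; i++)
        for (size_t j = 0; j < ns; j++)
            if (strcasecmp(stored[j].name, h304[i].name) == 0) {
                stored[j].value = h304[i].value;
                updated++;
            }
    return updated;
}

/* Value of header `name`, or NULL if absent. */
const char *header_value(const struct hdr *h, size_t n, const char *name) {
    for (size_t i = 0; i < n; i++)
        if (strcasecmp(h[i].name, name) == 0) return h[i].value;
    return NULL;
}

int main(void) {
    /* Constructed sample data; X-Example-Sig is a hypothetical header. */
    struct hdr stored[] = {{"ETag", "\"v1\""}, {"Cache-Control", "max-age=60"}, {"X-Example-Sig", "old"}};
    struct hdr from_generator[] = {{"ETag", "\"v1\""}, {"Cache-Control", "max-age=120"}, {"X-Example-Sig", "new"}};
    struct hdr on_wire[3];
    size_t n = filter_304(from_generator, 3, on_wire);
    freshen(stored, 3, on_wire, n);
    printf("sent on 304: %zu, cached X-Example-Sig: %s\n", n, header_value(stored, 3, "X-Example-Sig"));
    return 0;
}
```

Passing `from_generator` straight to `freshen` instead of `on_wire` updates all three stored headers, which is the difference the report describes.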