https://bz.apache.org/bugzilla/show_bug.cgi?id=61820
Bug ID: 61820 Summary: 304 headers stripped Product: Apache httpd-2 Version: 2.0-HEAD Hardware: All OS: All Status: NEW Severity: normal Priority: P2 Component: Core Assignee: bugs@httpd.apache.org Reporter: m...@mnot.net Target Milestone: --- In http_filters:ap_http_header_filter, 304 responses get special treatment, in that they're sent with only a fixed set of headers (if present): 1414 if (r->status == HTTP_NOT_MODIFIED) { 1415 apr_table_do((int (*)(void *, const char *, const char *)) form_header_field, 1416 (void *) &h, r->headers_out, 1417 "Connection", 1418 "Keep-Alive", 1419 "ETag", 1420 "Content-Location", 1421 "Expires", 1422 "Cache-Control", 1423 "Vary", 1424 "Warning", 1425 "WWW-Authenticate", 1426 "Proxy-Authenticate", 1427 "Set-Cookie", 1428 "Set-Cookie2", 1429 NULL); 1430 } <https://svn.apache.org/viewvc/httpd/httpd/trunk/modules/http/http_filters.c?revision=1777672&view=markup#l1414> This means that any header value that a generator (whether CGI, an upstream origin via mod_proxy, etc.) updates in a 304 will be lost. RFC7234 specifies how headers on a 304 are supposed to be handled: http://httpwg.org/specs/rfc7234.html#freshening.responses This has caused interoperability problems in the wild, e.g.,: https://github.com/hueniverse/hawk/issues/224 -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: bugs-unsubscr...@httpd.apache.org For additional commands, e-mail: bugs-h...@httpd.apache.org