https://bz.apache.org/bugzilla/show_bug.cgi?id=51223
--- Comment #21 from oberhamsi <[email protected]> --- (In reply to andyh from comment #20) > #19: Isn't that problem solved by including "vary: origin" on the response, > to indicate that the response depends on the value of the "origin" request > header? Even with vary:origin browser are still allowed to do a conditional request. And the 304 response will fail if it does not include the corrected ACAW-header. The cached response is 200 and still fresh but due to the different origins it "cannot be selected" https://tools.ietf.org/html/rfc7234#section-4.3 so a conditional request is made. The 304 must then contain the corrected ACAW-header so browsers can update the cached response: > use other header fields provided in the 304 (Not Modified) > response to replace all instances of the corresponding header > fields in the stored response. https://tools.ietf.org/html/rfc7234#section-4.3.4 -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
