[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 Goldtree Millers changed: What|Removed |Added URL||https://goldtreemillers.com

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #32 from Christoph Reiter --- I can confirm that at least "Access-Control-Allow-Origin" is missing for 304 in 2.4.38 in Debian Buster, and that it's there in 2.4.53 in Debian Bullseye. So I think this can be closed and is likely

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #31 from Ruediger Pluem --- (In reply to Christoph Reiter from comment #30) > Is this fixed, now that bug 61820 is fixed? And if yes, in which versions? Should be. Can you give it a try? If yes we can close this one here as a

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #30 from Christoph Reiter --- Is this fixed, now that bug 61820 is fixed? And if yes, in which versions? -- You are receiving this mail because: You are the assignee for the bug.

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #30 from Bukhari --- Also affected the site install on https://sunhillpure.com;>https://sunhillpure.com -- You are receiving this mail because: You are the assignee for the bug.

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #32 from peterjohnee1 --- Even when you are most idle and you do not know which game to choose to relax properly https://cookie-clicker2.com free -- You are receiving this mail because: You are the assignee for the bug.

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 Matt McCutchen changed: What|Removed |Added CC||m...@mattmccutchen.net --- Comment

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 sebast...@kip.pe changed: What|Removed |Added CC||sebast...@kip.pe -- You are

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #30 from havenhaven --- If I I been thinkin’ about what I want in my life. It begins and ends the samehad to choose what I couldn’t lose. There would only be one thing. I don’t wanna live without you https://super-smashflash2.com

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #29 from Emily Smith --- http://reallovebackspells.com/revenge-spells/ -- You are receiving this mail because: You are the assignee for the bug. - To

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #28 from samey --- i just ran into this issue. we were upgrading our APIs to have them send less data when we noticed that our off-site installs https://www.chiltanpure.com/ stopped working. I can fully confirm Michiel de Jong's

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 Ben RUBSON changed: What|Removed |Added CC||ben.rub...@gmail.com -- You are

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #27 from Matt --- A 304 to a conditional request generated by a browser is not required to have CORS headers. 192.168.0.1 https://19216801help.com/ -- You are receiving this mail because: You are the assignee for the bug.

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #26 from oberhamsi --- yes, we add the headers with mod_headers. i will think about 61820 -- You are receiving this mail because: You are the assignee for the bug.

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #25 from Mark Nottingham --- How are you setting CORS headers? If it's with .htaccess, in mind mind that's covered by 61820 (i.e., putting something in with mod_headers takes responsibility for "generating" it, and Apache shouldn't

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #24 from oberhamsi --- Thank you for pointing me to that bug. Our issues is with 304s generated by Apache in response to disk files. The discussion in 61820 seems to differentiate between responses generated by e.g. CGI and

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #23 from Mark Nottingham --- Arg. See bug 61820. -- You are receiving this mail because: You are the assignee for the bug. - To unsubscribe, e-mail:

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #22 from Mark Nottingham --- Yes - if you're trying to update a CORS header (and many others) in a 304, Apache will strip it. See #61820. -- You are receiving this mail because: You are the assignee for the bug.

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 oberhamsi changed: What|Removed |Added CC||simon.oberham...@gmail.com -- You are

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #21 from oberhamsi --- (In reply to andyh from comment #20) > #19: Isn't that problem solved by including "vary: origin" on the response, > to indicate that the response depends on the value of the "origin" request > header? Even

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #20 from andyh --- #19: Isn't that problem solved by including "vary: origin" on the response, to indicate that the response depends on the value of the "origin" request header? -- You are receiving

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 Szőgyényi Gábor changed: What|Removed |Added CC|

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #19 from herr.er...@gmail.com --- I've recently stumbled upon this issue. The problem doesn't occur when the CORS response headers are "static" (e.g. always a-c-a-o: *), but are dynamic. Basically, our setup serving static files is

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #18 from Mark Nottingham --- > 304/307 are now required to have the cors checks That is not what it says. A 304 to a conditional request generated by a browser is not required to have CORS headers, because the

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #17 from Edward Rudd --- The latest updates on the bug I reported over at mozilla states that the WhatWG spec on this has changed and 304/307 are now required to have the cors checks.. so Apache needs to be

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 herr.er...@gmail.com changed: What|Removed |Added CC||herr.er...@gmail.com -- You

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 Edward Rudd changed: What|Removed |Added OS||All --- Comment

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 bveill...@tetondata.com changed: What|Removed |Added Version|2.2.14 |2.4.10

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #14 from Eric Covener --- (In reply to rdehouss from comment #13) > Hello, > > I do face the issue as well. > > Cross domain, I fetch a resource which is cacheable and when apache respond > with 304, the CORS

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 rdeho...@gmail.com changed: What|Removed |Added CC||rdeho...@gmail.com --- Comment

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #12 from Eric Covener --- (In reply to Arthur Kopatsy from comment #0) > Created attachment 27027 [details] > Patch for the ubuntu package > > Per the RFC, HTTP Not Modified should not include entity headers

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #11 from a...@koalasafe.com --- We have the same issue. CGI Api + Javascript that's called cross origin. Has this been accepted as a BUG and the fix applied? -- You are receiving this mail because: You are the assignee for the

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #10 from Jörn Berkefeld joern.berkef...@gmail.com --- yes exactly - I am generating that manually. It's an API, not a static file. The problem is, that Apache strips the Access-Control-* headers that I also manually set from the

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #6 from Jörn Berkefeld joern.berkef...@gmail.com --- go to https://jsfiddle.net/7t84bj05/1/ you will see some video. in the dev toolset of your choice you will find a call to https://nlv.bittubes.com/api/a/3/ The first time it will

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #7 from Mark Nottingham m...@mnot.net --- Created attachment 32804 -- https://bz.apache.org/bugzilla/attachment.cgi?id=32804action=edit POST That's because you're using POST on it; see attached. -- You are receiving this mail

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #8 from Jörn Berkefeld joern.berkef...@gmail.com --- You know how they say a picture is worth a thousand words? - not always the case. Could you please elaborate on that? -- You are receiving this mail because: You are the

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #9 from Mark Nottingham m...@mnot.net --- (In reply to Jörn Berkefeld from comment #8) You know how they say a picture is worth a thousand words? - not always the case. Could you please elaborate on that? :) Browsers don't cache

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #4 from Jörn Berkefeld joern.berkef...@gmail.com --- just ran into this issue. we were upgrading our APIs to have them send less data when we noticed that our off-site installs stopped working. I can fully confirm Michiel de Jong's

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 Jörn Berkefeld joern.berkef...@gmail.com changed: What|Removed |Added CC|

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://bz.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #5 from Mark Nottingham m...@mnot.net --- Jörn, Can you give a page that reproduces it? Michiel's test isn't realistic; Apache won't send a 304 if the client doesn't send a conditional request. -- You are receiving this mail

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://issues.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #3 from Mark Nottingham m...@mnot.net --- Full test here: https://github.com/w3c/web-platform-tests/pull/1400 -- You are receiving this mail because: You are the assignee for the bug.

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://issues.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #2 from Michiel de Jong mich...@unhosted.org --- Mark Nottingham: browsers work without them present on it Maybe I misunderstood your point, but I was not able to reproduce that finding. My steps: * Run this node script on

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://issues.apache.org/bugzilla/show_bug.cgi?id=51223 --- Comment #1 from Mark Nottingham m...@mnot.net --- CORS doesn't require those headers on a 304, and indeed browsers work without them present on it. This is because many 304s are generated from intermediary caches that can't be updated

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://issues.apache.org/bugzilla/show_bug.cgi?id=51223 Peter Newman wiza...@gmail.com changed: What|Removed |Added CC||wiza...@gmail.com

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://issues.apache.org/bugzilla/show_bug.cgi?id=51223 Mark Nottingham m...@mnot.net changed: What|Removed |Added CC||m...@mnot.net --

[Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://issues.apache.org/bugzilla/show_bug.cgi?id=51223 webdev web...@blizzard.com changed: What|Removed |Added CC||web...@blizzard.com

DO NOT REPLY [Bug 51223] 304 HTTP Not Modified strips out CORS headers

https://issues.apache.org/bugzilla/show_bug.cgi?id=51223 Christophe JAILLET christophe.jail...@wanadoo.fr changed: What|Removed |Added Keywords|