php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55063 Additional headers are ignored when returning HTTP status 304
Submitted: 2011-06-29 05:56 UTC Modified: 2015-07-16 11:18 UTC
Votes:5
Avg. Score:4.2 ± 1.0
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:1 (25.0%)
From: evert at rooftopsolutions dot nl Assigned:
Status: Not a bug Package: Apache2 related
PHP Version: 5.3.6 OS: Any
Private report: No CVE-ID: None
View Add Comment Developer Edit
Welcome! If you don't have a Git account, you can't do anything here.
You can add a comment by following this link or if you reported this bug, you can edit this bug over here.
(description)
Block user comment
Status: Assign to:
Package:
Bug Type:
Summary:
From: evert at rooftopsolutions dot nl
New email:
PHP Version: OS:

 

 [2011-06-29 05:56 UTC] evert at rooftopsolutions dot nl
Description:
------------
When HTTP status 304 is set, Apache appears to ignore any other headers. X-
Powered-By is also missing, which was the first hint that something was up in 
either the SAPI or Apache.

I'm not fully sure this is a PHP bug, or an Apache bug though, so feel free to 
close it if I put it in the wrong space.

The practical use-case I have for this is the so-called CORS headers. When I do a 
cross-domain request within firefox, and CORS headers have expired firefox 
requires them to be set, even for the 304 response. Since they get stripped, 
firefox just throws an error. 

Test script:
---------------
header('HTTP/1.1 304 Not Modified')
header('X-Foo: Bar');

Expected result:
----------------
The X-Foo header returned

Actual result:
--------------
All custom headers are ignored

Patches

Add a Patch

Pull Requests

Add a Pull Request

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-16 08:09 UTC] mike@php.net
-Status: Open +Status: Not a bug
 [2015-07-16 08:09 UTC] mike@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Apache will only send the following header fields on 304:

                     "Connection",
                     "Keep-Alive",
                     "ETag",
                     "Content-Location",
                     "Expires",
                     "Cache-Control",
                     "Vary",
                     "Warning",
                     "WWW-Authenticate",
                     "Proxy-Authenticate",
                     "Set-Cookie",
                     "Set-Cookie2",

See https://github.com/apache/httpd/blob/2.4.x/modules/http/http_filters.c#L1332
 [2015-07-16 11:18 UTC] mike@php.net
Sorry for the blurb; note to self: avoid the quick-fix dropdown.
 
PHP Copyright © 2001-2022 The PHP Group
All rights reserved.
Last updated: Sun Jan 23 16:03:48 2022 UTC