php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login
Bug #55063 Additional headers are ignored when returning HTTP status 304
Submitted: 2011-06-29 05:56 UTC Modified: 2015-07-16 11:18 UTC
Votes:5
Avg. Score:4.2 ± 1.0
Reproduced:4 of 4 (100.0%)
Same Version:1 (25.0%)
Same OS:1 (25.0%)
From: evert at rooftopsolutions dot nl Assigned:
Status: Not a bug Package: Apache2 related
PHP Version: 5.3.6 OS: Any
Private report: No CVE-ID: None
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: evert at rooftopsolutions dot nl
New email:
PHP Version: OS:

 

 [2011-06-29 05:56 UTC] evert at rooftopsolutions dot nl
Description:
------------
When HTTP status 304 is set, Apache appears to ignore any other headers. X-
Powered-By is also missing, which was the first hint that something was up in 
either the SAPI or Apache.

I'm not fully sure this is a PHP bug, or an Apache bug though, so feel free to 
close it if I put it in the wrong space.

The practical use-case I have for this is the so-called CORS headers. When I do a 
cross-domain request within firefox, and CORS headers have expired firefox 
requires them to be set, even for the 304 response. Since they get stripped, 
firefox just throws an error. 

Test script:
---------------
header('HTTP/1.1 304 Not Modified')
header('X-Foo: Bar');

Expected result:
----------------
The X-Foo header returned

Actual result:
--------------
All custom headers are ignored

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-07-16 08:09 UTC] mike@php.net
-Status: Open +Status: Not a bug
 [2015-07-16 08:09 UTC] mike@php.net
Sorry, but your problem does not imply a bug in PHP itself.  For a
list of more appropriate places to ask for help using PHP, please
visit http://www.php.net/support.php as this bug system is not the
appropriate forum for asking support questions.  Due to the volume
of reports we can not explain in detail here why your report is not
a bug.  The support channels will be able to provide an explanation
for you.

Thank you for your interest in PHP.

Apache will only send the following header fields on 304:

                     "Connection",
                     "Keep-Alive",
                     "ETag",
                     "Content-Location",
                     "Expires",
                     "Cache-Control",
                     "Vary",
                     "Warning",
                     "WWW-Authenticate",
                     "Proxy-Authenticate",
                     "Set-Cookie",
                     "Set-Cookie2",

See https://github.com/apache/httpd/blob/2.4.x/modules/http/http_filters.c#L1332
 [2015-07-16 11:18 UTC] mike@php.net
Sorry for the blurb; note to self: avoid the quick-fix dropdown.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved.
Last updated: Sun Dec 01 17:01:32 2024 UTC