Apache ignoring PHP headers when sending a 304

前端 未结 4 1995
既然无缘
既然无缘 2021-01-18 08:25

When I set a custom header in Apache + mod_php5, this works fine:

header(\'Foo: Bar\');

But when I try this while also sending a 3

相关标签:
4条回答
  • 2021-01-18 09:08

    I do a trick to solve this issue by : 1. put all header before 304 header 2. flush these header before send 304

    header('Foo: Bar');
    flush();
    header('HTTP/1.1 304 No Content');
    

    Apache will not remove any header until it found 304. We force other header send out by flush() before send 304. That apache can not hurt me.

    0 讨论(0)
  • 2021-01-18 09:08

    Try:

    header('Foo: bar', true, 304);
    
    0 讨论(0)
  • 2021-01-18 09:09

    Does this not answer the question?

    If the conditional GET used a strong cache validator (see section 13.3.3), the response SHOULD NOT include other entity-headers. Otherwise (i.e., the conditional GET used a weak validator), the response MUST NOT include other entity-headers; this prevents inconsistencies between cached entity-bodies and updated headers.

    from http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.5

    0 讨论(0)
  • 2021-01-18 09:18

    As of Apache 2.4.23 (the latest release as of today, as far as I know), you're not going to be able to get around that problem when you send a 304 "Not Modified" response because, indeed, Apache does explicitly remove all non-whitelisted headers:

    http://svn.apache.org/viewvc/httpd/httpd/tags/2.4.23/modules/http/http_filters.c?view=markup#l1331

    So, whether we like it or not (because I'm on the same boat of having my CORS headers removed by Apache from the response when I send a 304), it does seem like Apache is following the RFC recommendation and it's indeed treating everything that falls outside of that list as entity headers.

    One solution is to patch-up the Apache source to extend that list and turn to deploying your home-grown package to your server(s), but that's definitely not without a long list of implications of its own. On the flip side, I hear that nginx doesn't suffer from this problem.

    The content that I'm delivering will be consumed, among others, by WebGL runtimes in standard browsers, so if they do complain about the lack of CORS in my 304 responses I'm going to have to turn everything to 200 OK and forego the bandwidth savings.

    0 讨论(0)
提交回复
热议问题