Bug 25123

Summary: 304 - Not Modified does not return Expires/Cache-Control headers
Product: Apache httpd-2 Reporter: Marc Jauvin <marc>
Component: mod_expiresAssignee: Apache HTTPD Bugs Mailing List <bugs>
Status: CLOSED DUPLICATE    
Severity: major    
Priority: P3    
Version: 2.0.48   
Target Milestone: ---   
Hardware: PC   
OS: Linux   

Description Marc Jauvin 2003-12-01 20:42:44 UTC
According to W3C spec of 304 response header 
(http://www.w3.org/Protocols/HTTP/HTRESP.html):
"Response headers are as if the client had sent a HEAD request, but limited to 
only those headers which make sense in this context. This means only headers 
that are relevant to cache managers and which may have changed independently 
of the document's Last-Modified date. Examples include Date , Server and 
Expires . "


The following example shows the results of a request done to an Apache2 server:

# curl -s -I http://jauvin.com/images/email.gif
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2003 20:34:15 GMT
Server: Apache/2
Vary: Host
Last-Modified: Fri, 20 Dec 2002 15:49:27 GMT
ETag: "6cd17-51aa-dab1cfc0"
Accept-Ranges: bytes
Content-Length: 20906
Cache-Control: max-age=7200
Expires: Mon, 01 Dec 2003 22:34:15 GMT
Content-Type: image/gif

# curl -s -I http://jauvin.com/images/email.gif -H 'If-Modified-Since: Fri, 30
Nov 2003 08:43:27 GMT'
HTTP/1.1 304 Not Modified
Date: Mon, 01 Dec 2003 20:34:16 GMT
Server: Apache/2
ETag: "6cd17-51aa-dab1cfc0"
Vary: Host


We can see from the first request, that the "Expires/Cache-Control" headers are
missing from the second request (304).

Here is an example on an Apache 1.3.X server:

# curl -s -I http://redhat.com/img/homepg_rh_logo.gif
HTTP/1.1 200 OK
Date: Mon, 01 Dec 2003 20:41:00 GMT
Server: Apache
Set-Cookie: Apache=65.39.170.200.235271070311260394; path=/; expires=Sat,
29-Nov-08 20:41:00 GMT
Cache-Control: max-age=86400
Expires: Tue, 02 Dec 2003 20:41:00 GMT
Last-Modified: Thu, 07 Jun 2001 13:01:59 GMT
ETag: "bd440-46c-3b1f7b47"
Accept-Ranges: bytes
Content-Length: 1132
Content-Type: image/gif

# curl -s -I http://redhat.com/img/homepg_rh_logo.gif -H 'If-Modified-Since:
Fri, 30 Nov 2003 08:43:27 GMT'
HTTP/1.1 304 Not Modified
Date: Mon, 01 Dec 2003 20:41:00 GMT
Server: Apache
ETag: "bd440-46c-3b1f7b47"
Expires: Tue, 02 Dec 2003 20:41:00 GMT
Cache-Control: max-age=86400


As we can see here, both queries contain the "Expires/Cache-Control" headers.
Comment 1 André Malo 2003-12-01 20:48:52 UTC
Both responses look correct to me. From RFC 2616:

10.3.5 304 Not Modified

[...]
   The response MUST include the following header fields:
[...]
      - Expires, Cache-Control, and/or Vary, if the field-value might
        differ from that sent in any previous response for the same
        variant

So if the fields don't differ, they may or may not be sent, right?
Comment 2 Marc Jauvin 2003-12-01 21:05:24 UTC
I guess it depends on what "previous response for the same variant" means... but
why is Apache 1.3.X returning those headers?
Comment 3 Joshua Slive 2003-12-01 23:07:22 UTC

*** This bug has been marked as a duplicate of 24884 ***
Comment 4 Paul J. Reder 2003-12-01 23:40:25 UTC
This is a valid bug. Try setting the ExpiresByType to "access plus 5 minutes".
Every acccess should get a new Expires header but doesn't. Please see
http://marc.theaimsgroup.com/?l=apache-httpd-dev&m=106947094322141&w=2 for a
summary of the problem. I'm still looking for the solution.
Comment 5 Paul J. Reder 2003-12-12 17:34:24 UTC
This PR has been fixed in the 2.1-dev branch and has been suggested for
backporting to the 2.0 stable branch. Thank you for using Apache and for
submitting this report.