Created attachment 30817 [details] Don't strip the non-cacheable headers from a validated 304 response When mod_cache asks for a revalidation of a stale entry and the origin responds with a 304 (not that stale), the module strips the non-cacheable headers from the origin response and merges the stale headers to update the cache (before store_headers). The problem is that mod_cache won't forward the non-cacheable headers to the client, for example if the 304 response contains both Set-Cookie and 'Cache-Control: no-cache="Set-Cookie"' headers. The issue was already stated in bug 54706, comment 3, although not related to the changes made there (before the Cache-Control no-cache=/no-store= handling, the bug could arise using the CacheIgnoreHeaders directive, and still can), hence the comment was not taken into account. I also proposed to compute the cacheable headers once in bug 54706, comment 9, and fix this issue together by maintaining the cacheable/response headers separatly, but this is surely an overkill patch (reintroducing the request_config in mod_cache to preserve the API) for the only purpose of this issue. Finally a simple patch can do the job, and is attached here.
Created attachment 30823 [details] Fix headers forwarded from/as an origin 304 response In the same case, when the conditional request meets the conditions of the stale then revalidated entry, the forwarded 304 response includes the entity headers merged from the cached headers before updating the entry. This new patch does the same as the previous one but also stips the spurious entity headers on forwarded 304 responses. Note that since the entity headers are stripped elsewhere (line 1167, about 304 response as well and sections 10.3.3/10.3.5 of the RFC2616), the code has been moved to a function; and the missing headers "Expires" and "Content-Location" added to the list (the same list in server/protocol.c line 1225 includes them, should it not be an ap_ function to do that?).
Any news here ? Currently the Set-Cookie of a 304 response from the origin server is stripped. Regards.
> Currently the Set-Cookie of a 304 response from the origin server is stripped. Only with Cache-Control: no-cache="Set-Cookie" or alike, of course.
Fixed and released in 2.4.10