From: Graham Leggett <minfrin@apache.org>
Date: Sat, 16 Jan 2021 13:27:39 +0000 (+0000)
Subject: Backport to 2.4:
X-Git-Tag: 2.4.47~162
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2d0e7dc5659f34250301fa5fc0ce4de6f63c25d6;p=thirdparty%2Fapache%2Fhttpd.git

Backport to 2.4:

  *) core: Correctly strip unwanted headers on 304 response
     Trunk version of patch:
        http://svn.apache.org/r1881590
        http://svn.apache.org/r1881624
     +1: ylavic, covener, minfrin



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1885569 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 4d6bf6969da..c11d634a14f 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.47
 
+  *) core: Remove headers on 304 Not Modified as specified by RFC7234, as
+     opposed to passing an explicit subset of headers. PR 61820.
+     [Giovanni Bechis]
+
   *) mpm_event: don't reset connections after lingering close, restoring prior
      to 2.4.28 behaviour.  [Yann Ylavic]
 
diff --git a/STATUS b/STATUS
index e20d3ed7d0e..bc52f1723dd 100644
--- a/STATUS
+++ b/STATUS
@@ -138,12 +138,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) core: Correctly strip unwanted headers on 304 response
-     Trunk version of patch:
-        http://svn.apache.org/r1881590
-        http://svn.apache.org/r1881624
-     +1: ylavic, covener, minfrin
-
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
diff --git a/modules/http/http_filters.c b/modules/http/http_filters.c
index 3bb85c71c03..251b0ff73d9 100644
--- a/modules/http/http_filters.c
+++ b/modules/http/http_filters.c
@@ -1497,25 +1497,21 @@ AP_CORE_DECLARE_NONSTD(apr_status_t) ap_http_header_filter(ap_filter_t *f,
     h.bb = b2;
 
     if (r->status == HTTP_NOT_MODIFIED) {
-        apr_table_do((int (*)(void *, const char *, const char *)) form_header_field,
-                     (void *) &h, r->headers_out,
-                     "Connection",
-                     "Keep-Alive",
-                     "ETag",
-                     "Content-Location",
-                     "Expires",
-                     "Cache-Control",
-                     "Vary",
-                     "Warning",
-                     "WWW-Authenticate",
-                     "Proxy-Authenticate",
-                     "Set-Cookie",
-                     "Set-Cookie2",
-                     NULL);
-    }
-    else {
-        send_all_header_fields(&h, r);
-    }
+      /*
+       * List of headers that must not be updated on a 304 (or 206 partial content)
+       * https://tools.ietf.org/id/draft-ietf-httpbis-cache-08.txt
+       */
+      apr_table_unset(r->headers_out, "Content-Encoding");
+      apr_table_unset(r->headers_out, "Content-Length");
+      apr_table_unset(r->headers_out, "Content-MD5");
+      apr_table_unset(r->headers_out, "Content-Range");
+      apr_table_unset(r->headers_out, "ETag");
+      apr_table_unset(r->headers_out, "TE");
+      apr_table_unset(r->headers_out, "Trailer");
+      apr_table_unset(r->headers_out, "Transfer-Encoding");
+      apr_table_unset(r->headers_out, "Upgrade");
+    }
+    send_all_header_fields(&h, r);
 
     terminate_header(b2);