Re: CORS and 304

On Dec 4, 2013 3:27 AM, "Karl Dubost" <karl@la-grange.net> wrote:
>
>
> Le 4 déc. 2013 à 06:08, Jonas Sicking <jonas@sicking.cc> a écrit :
> > What do you mean "scraps them"? What headers are we talking about here,
response or request headers?
>
> response headers. :)

So you mean that if a CGI does a 304 redirect and sends some response
headers and a response body, then apache will filter out the headers but
send the 304 and the body? Is this specific to 304s?

Either way, a security issue can't be ignored because servers suck. We
should still require the headers to be sent. Authors can always use other
30x responses.

/ Jonas

Received on Wednesday, 4 December 2013 11:38:46 UTC