httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject [Bug 51223] 304 HTTP Not Modified strips out CORS headers
Date Mon, 16 May 2016 14:29:44 GMT
https://bz.apache.org/bugzilla/show_bug.cgi?id=51223

--- Comment #14 from Eric Covener <covener@gmail.com> ---
(In reply to rdehouss from comment #13)
> Hello,
> 
> I do face the issue as well.
> 
> Cross domain, I fetch a resource which is cacheable and when apache respond
> with 304, the CORS headers are not present and so, the browser (Firefox in
> this case) alerts with:
> ross-Origin Request Blocked: The Same Origin Policy disallows reading the
> remote resource at http://test.com/test.json. (Reason: CORS header
> 'Access-Control-Allow-Origin' does not match 'http://test.com').
> 
> If I do a hard refresh, I get back a status 200 and with it, the CORS
> headers are well there.
> 
> I also do send the Vary: Origin to specify that the cache should take into
> account the Origin header but it does not help.
> 
> Can the patch provided be considered?

Can you share the request and response headers both on the initial uncached
request and the subsequent conditional request?  Based on @mnot's posts in this
PR, it seems like there is yet to be a "natural" case of this being an issue
documented.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message