: Should 304 Not Modified responses include the "Last Modified" header? I've been using the most excellent http://redbot.org tool for testing have HTTP headers on my site correct (its custom code
I've been using the most excellent redbot.org tool for testing have HTTP headers on my site correct (its custom code in PHP serving dynamic content - wanting to ensure it cached where possible - served by Apache2)
One of the tests says:
The If-Modified-Since response is missing required headers
HTTP requires 304 Not Modified responses to have certain headers, if they are also present in a normal (e.g., 200 OK response).
This response is missing the following headers: last-modified.
This can affect cache operation; because the headers are missing, caches might remove them from their cached copies.
... so resonse doesnt include the Last-Modified header. However the code does try to send it. Investigating further, it seems that Apache uses a whitelist of HTTP headers, it will allow on 304 responses...
if (r->status == HTTP_NOT_MODIFIED) {
apr_table_do((int (*)(void *, const char *, const char *)) form_header_field,
(void *) &h, r->headers_out,
"Connection",
"Keep-Alive",
"ETag",
"Content-Location",
"Expires",
"Cache-Control",
"Vary",
"Warning",
"WWW-Authenticate",
"Proxy-Authenticate",
"Set-Cookie",
"Set-Cookie2",
NULL);
}
else {
send_all_header_fields(&h, r);
}
This is found around line 1281 in modules/http/http_filters.c of the Apache HTTPD 2.2.22 source code.
.... "Last-Modified" is not on that list.
So the question is - which is wrong, redbot, or Apache?
www.w3.org/Protocols/rfc2616/rfc2616-sec10.html doesn't seem to specify if the Last-Modified should be included. (it does say the Etag should be - and that is allowed in Apaches list)
Just incase its useful, this is the test case: redbot.org/?uri=http%3A%2F%2Fwww.geograph.org.uk%2Fhelp%2Fsitemap - my code does include the Last-Modified header - its just that redbot never gets it (nor any custom X-.. headers).
More posts by @Kevin317
2 Comments
Sorted by latest first Latest Oldest Best
You're correct. RED implemented the requirements from HTTPbis tools.ietf.org/html/draft-ietf-httpbis-p4-conditional-18#section-4.1.
Normally, HTTPbis requirements are backwards-compatible with RFC2616 (i.e., they don't make implementations that were conformant to 2616 non-conformance now), but this change slipped through -- we'll be opening an issue to fix that, and in the meantime I'll change REDs requirements.
No, Last-Modified is not required, as you cited from RFC 2616. I've found this issue github.com/mnot/redbot/issues/61 in which they implemented the check for required headers. However, they stated in the issue that only "Date" was required, but the implementation was different (by mistake, I think).
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.