Limit the headers removed for 304 response

closes #204

HISTORY.md

@@ -2,6 +2,7 @@ unreleased
 ==========
 
   * Fix emitted 416 error missing headers property
+  * Limit the headers removed for 304 response
   * deps: depd@2.0.0
     - Replace internal `eval` usage with `Function` constructor
     - Use instance methods on `process` to check for listeners

index.js

@@ -347,21 +347,19 @@ SendStream.prototype.isPreconditionFailure = function isPreconditionFailure () {
 }
 
 /**
- * Strip content-* header fields.
+ * Strip various content header fields for a change in entity.
  *
  * @private
  */
 
 SendStream.prototype.removeContentHeaderFields = function removeContentHeaderFields () {
   var res = this.res
-  var headers = getHeaderNames(res)
 
-  for (var i = 0; i < headers.length; i++) {
-    var header = headers[i]
-    if (header.substr(0, 8) === 'content-' && header !== 'content-location') {
-      res.removeHeader(header)
-    }
-  }
+  res.removeHeader('Content-Encoding')
+  res.removeHeader('Content-Language')
+  res.removeHeader('Content-Length')
+  res.removeHeader('Content-Range')
+  res.removeHeader('Content-Type')
 }
 
 /**

test/send.js

@@ -440,6 +440,27 @@ describe('send(file).pipe(res)', function () {
         })
     })
 
+    it('should not remove all Content-* headers', function (done) {
+      var server = createServer({ root: fixtures }, function (req, res) {
+        res.setHeader('Content-Location', 'http://localhost/name.txt')
+        res.setHeader('Content-Security-Policy', 'default-src \'self\'')
+      })
+
+      request(server)
+        .get('/name.txt')
+        .expect(200, function (err, res) {
+          if (err) return done(err)
+          request(server)
+            .get('/name.txt')
+            .set('If-None-Match', res.headers.etag)
+            .expect(shouldNotHaveHeader('Content-Length'))
+            .expect(shouldNotHaveHeader('Content-Type'))
+            .expect('Content-Location', 'http://localhost/name.txt')
+            .expect('Content-Security-Policy', 'default-src \'self\'')
+            .expect(304, done)
+        })
+    })
+
     describe('where "If-Match" is set', function () {
       it('should respond with 200 when "*"', function (done) {
         request(app)