From f53edbb7f4f7ebdd936d3d714d84d52f2d3d00f3 Mon Sep 17 00:00:00 2001
From: Douglas Christopher Wilson <doug@somethingdoug.com>
Date: Sun, 20 Mar 2022 23:43:48 -0400
Subject: [PATCH] Limit the headers removed for 304 response

closes #204
---
 HISTORY.md   |  1 +
 index.js     | 14 ++++++--------
 test/send.js | 21 +++++++++++++++++++++
 3 files changed, 28 insertions(+), 8 deletions(-)

diff --git a/HISTORY.md b/HISTORY.md
index 581fa89..9fd925f 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -2,6 +2,7 @@ unreleased
 ==========
 
   * Fix emitted 416 error missing headers property
+  * Limit the headers removed for 304 response
   * deps: depd@2.0.0
     - Replace internal `eval` usage with `Function` constructor
     - Use instance methods on `process` to check for listeners
diff --git a/index.js b/index.js
index e0441da..89afd7e 100644
--- a/index.js
+++ b/index.js
@@ -347,21 +347,19 @@ SendStream.prototype.isPreconditionFailure = function isPreconditionFailure () {
 }
 
 /**
- * Strip content-* header fields.
+ * Strip various content header fields for a change in entity.
  *
  * @private
  */
 
 SendStream.prototype.removeContentHeaderFields = function removeContentHeaderFields () {
   var res = this.res
-  var headers = getHeaderNames(res)
 
-  for (var i = 0; i < headers.length; i++) {
-    var header = headers[i]
-    if (header.substr(0, 8) === 'content-' && header !== 'content-location') {
-      res.removeHeader(header)
-    }
-  }
+  res.removeHeader('Content-Encoding')
+  res.removeHeader('Content-Language')
+  res.removeHeader('Content-Length')
+  res.removeHeader('Content-Range')
+  res.removeHeader('Content-Type')
 }
 
 /**
diff --git a/test/send.js b/test/send.js
index 04a68b6..d419f8f 100644
--- a/test/send.js
+++ b/test/send.js
@@ -440,6 +440,27 @@ describe('send(file).pipe(res)', function () {
         })
     })
 
+    it('should not remove all Content-* headers', function (done) {
+      var server = createServer({ root: fixtures }, function (req, res) {
+        res.setHeader('Content-Location', 'http://localhost/name.txt')
+        res.setHeader('Content-Security-Policy', 'default-src \'self\'')
+      })
+
+      request(server)
+        .get('/name.txt')
+        .expect(200, function (err, res) {
+          if (err) return done(err)
+          request(server)
+            .get('/name.txt')
+            .set('If-None-Match', res.headers.etag)
+            .expect(shouldNotHaveHeader('Content-Length'))
+            .expect(shouldNotHaveHeader('Content-Type'))
+            .expect('Content-Location', 'http://localhost/name.txt')
+            .expect('Content-Security-Policy', 'default-src \'self\'')
+            .expect(304, done)
+        })
+    })
+
     describe('where "If-Match" is set', function () {
       it('should respond with 200 when "*"', function (done) {
         request(app)