From 889e765bd9037e6d0f7c0ebcf51b877d40069707 Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Wed, 10 Jan 2018 13:47:53 +0000
Subject: [PATCH 1/2] avoid ap_set_content_type when processing a
 _Request_Header set|edit|unset Content-Type.

identified by ylavic

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1820750 13f79535-47bb-0310-9956-ffa450edef68
(cherry picked from commit 62e7bd1c9f46652bdd90041e53d7186192a984c3)
---
 CHANGES                        |  8 ++++++++
 changes-entries/1820750.txt    |  4 ++++
 modules/metadata/mod_headers.c | 12 +++++++++---
 3 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 changes-entries/1820750.txt

diff --git a/CHANGES b/CHANGES
index 529a2c96bf9..40096bd6982 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,8 +1,16 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.64
 
+  *) mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could 
+     inadvertently modify the Content-Type _response_ header. Applies to
+     Content-Type only and likely to only affect static file responses.
+     [Eric Covener]
+
 Changes with Apache 2.4.63
 
+  *) mod_cgi: Improve AH01215 messages to make it more clear that the message is
+     the CGI scripts stderr output. PR 61980. [Hank Ibell <hwibell gmail.com>]
+
   *) mod_dav: Update redirect-carefully example BrowserMatch config
      to match more recent client versions.  PR 66148, 67039.
      [Michal Maloszewski <michal.maloszewski canonical.com>,
diff --git a/changes-entries/1820750.txt b/changes-entries/1820750.txt
new file mode 100644
index 00000000000..a0adca8728d
--- /dev/null
+++ b/changes-entries/1820750.txt
@@ -0,0 +1,4 @@
+  *) mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could
+     inadvertently modify the Content-Type _response_ header. Applies to
+     Content-Type only and likely to only affect static file responses.
+     [Eric Covener]
diff --git a/modules/metadata/mod_headers.c b/modules/metadata/mod_headers.c
index 4838bd6cd0d..a9784f6605a 100644
--- a/modules/metadata/mod_headers.c
+++ b/modules/metadata/mod_headers.c
@@ -782,14 +782,16 @@ static int do_headers_fixup(request_rec *r, apr_table_t *headers,
             }
             break;
         case hdr_set:
-            if (!ap_cstr_casecmp(hdr->header, "Content-Type")) {
+            if (r->headers_in != headers && 
+                !ap_cstr_casecmp(hdr->header, "Content-Type")) {
                  ap_set_content_type_ex(r, process_tags(hdr, r), 1);
             }
             apr_table_setn(headers, hdr->header, process_tags(hdr, r));
             break;
         case hdr_setifempty:
             if (NULL == apr_table_get(headers, hdr->header)) {
-                if (!ap_cstr_casecmp(hdr->header, "Content-Type")) {
+                if (r->headers_in != headers &&
+                    !ap_cstr_casecmp(hdr->header, "Content-Type")) {
                     ap_set_content_type_ex(r, process_tags(hdr, r), 1);
                 }
                 apr_table_setn(headers, hdr->header, process_tags(hdr, r));
@@ -797,6 +799,10 @@ static int do_headers_fixup(request_rec *r, apr_table_t *headers,
             break;
         case hdr_unset:
             apr_table_unset(headers, hdr->header);
+            if (r->headers_in != headers &&
+                !ap_cstr_casecmp(hdr->header, "Content-Type")) {
+                ap_set_content_type(r, NULL);
+            }
             break;
         case hdr_echo:
             v.r = r;
@@ -809,7 +815,7 @@ static int do_headers_fixup(request_rec *r, apr_table_t *headers,
                 const char *repl = process_regexp(hdr, r->content_type, r);
                 if (repl == NULL)
                     return 0;
-                ap_set_content_type_ex(r, repl, 1);
+                if (r->headers_in != headers) ap_set_content_type_ex(r, repl, 1);
             }
             if (apr_table_get(headers, hdr->header)) {
                 edit_do ed;

From b638647493ffd80c3ba96f9f2929658e68c6b121 Mon Sep 17 00:00:00 2001
From: Eric Covener <ecovener@us.ibm.com>
Date: Fri, 30 May 2025 10:41:26 -0400
Subject: [PATCH 2/2] backport, conflicts

---
 CHANGES                        | 8 --------
 modules/metadata/mod_headers.c | 2 +-
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/CHANGES b/CHANGES
index 40096bd6982..529a2c96bf9 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,16 +1,8 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.64
 
-  *) mod_headers: 'RequestHeader set|edit|edit_r Content-Type X' could 
-     inadvertently modify the Content-Type _response_ header. Applies to
-     Content-Type only and likely to only affect static file responses.
-     [Eric Covener]
-
 Changes with Apache 2.4.63
 
-  *) mod_cgi: Improve AH01215 messages to make it more clear that the message is
-     the CGI scripts stderr output. PR 61980. [Hank Ibell <hwibell gmail.com>]
-
   *) mod_dav: Update redirect-carefully example BrowserMatch config
      to match more recent client versions.  PR 66148, 67039.
      [Michal Maloszewski <michal.maloszewski canonical.com>,
diff --git a/modules/metadata/mod_headers.c b/modules/metadata/mod_headers.c
index a9784f6605a..57da3fc538d 100644
--- a/modules/metadata/mod_headers.c
+++ b/modules/metadata/mod_headers.c
@@ -782,7 +782,7 @@ static int do_headers_fixup(request_rec *r, apr_table_t *headers,
             }
             break;
         case hdr_set:
-            if (r->headers_in != headers && 
+            if (r->headers_in != headers &&
                 !ap_cstr_casecmp(hdr->header, "Content-Type")) {
                  ap_set_content_type_ex(r, process_tags(hdr, r), 1);
             }