bug in forum software

**ken_yap** · 17-Nov-2011, 00:47

This bug seems to be triggered when your browsing session has been inactive for a while, and you click on New Posts. Rather than taking you to the login page (or maybe it tried to), it sends two Location: headers which are for redirection. Chrome interprets this as an attack attempt and gives the message below.

Duplicate headers received from server

The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple Location headers received. This is disallowed to protect against HTTP response splitting attacks.

The workaround is to go to the home page forums.opensuse.org and login in again. It's not seen very often and probably only on Chrome, which is getting very careful.

**hendersj** · 18-Nov-2011, 21:01

On Thu, 17 Nov 2011 07:56:02 +0000, ken yap wrote:

> This bug seems to be triggered when your browsing session has been
> inactive for a while, and you click on New Posts. Rather than taking you
> to the login page (or maybe it tried to), it sends two Location: headers
> which are for redirection. Chrome interprets this as an attack attempt
> and gives the message below.
>
>> Duplicate headers received from server
>>
>> The response from the server contained duplicate headers. This problem
>> is generally the result of a misconfigured website or proxy. Only the
>> website or proxy administrator can fix this issue.
>> Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple
>> Location headers received. This is disallowed to protect against HTTP
>> response splitting attacks.
>
> The workaround is to go to the home page forums.opensuse.org and login
> in again. It's not seen very often and probably only on Chrome, which is
> getting very careful.

Which version of Chrome are you using?

I'll try to duplicate it.

Jim

--
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

**ken_yap** · 23-Nov-2011, 21:12

I think it started happening with the most recent release of Chrome (15?) which I think is the beta channel.

**hendersj** · 23-Nov-2011, 23:40

On Thu, 24 Nov 2011 04:16:02 +0000, ken yap wrote:

> I think it started happening with the most recent release of Chrome
> (15?) which I think is the beta channel.

I've got version 15 on my system here.

Jim
--
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

**hendersj** · 23-Nov-2011, 23:46

On Thu, 24 Nov 2011 06:40:32 +0000, Jim Henderson wrote:

> On Thu, 24 Nov 2011 04:16:02 +0000, ken yap wrote:
>
>> I think it started happening with the most recent release of Chrome
>> (15?) which I think is the beta channel.
>
> I've got version 15 on my system here.

And I'm going to test it.

I should have specified that.

Jim

--
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

**ken_yap** · 24-Nov-2011, 01:55

Sorry, it's 16 here that's beta. Was offsite today.

**hendersj** · 24-Nov-2011, 10:47

On Thu, 24 Nov 2011 08:56:02 +0000, ken yap wrote:

> Sorry, it's 16 here that's beta. Was offsite today.

No problem, 15 didn't do it, so I'll see about grabbing 16 later today or
tomorrow and give it a try.

Jim

--
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

**krishnakiran** · 08-Dec-2011, 06:51

Hi , i have got an error saying 'Duplicate headers received from server' in chrome.
And the details are
"The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple Location headers received. This is disallowed to protect against HTTP response splitting attacks."

how to fix the bug?? Can any one help me?

**hendersj** · 10-Dec-2011, 10:31

On Thu, 08 Dec 2011 13:56:02 +0000, krishnakiran wrote:

> Hi , i have got an error saying 'Duplicate headers received from server'
> in chrome.
> And the details are "The response from the server contained duplicate
> headers. This problem is generally the result of a misconfigured website
> or proxy. Only the website or proxy administrator can fix this issue.
> Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple
> Location headers received. This is disallowed to protect against HTTP
> response splitting attacks."
>
> how to fix the bug?? Can any one help me?

Which browser are you using, and on what OS?

Jim

--
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

**swerdna** · 01-Jan-2012, 12:15

Has there been any more on this Jim? I've been getting it for about a month IIRC, first thing in the morning. My browser is google-chrome version 16.0.912.63.