Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: bug in forum software

  1. #1
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,941
    Blog Entries
    4

    Default bug in forum software

    This bug seems to be triggered when your browsing session has been inactive for a while, and you click on New Posts. Rather than taking you to the login page (or maybe it tried to), it sends two Location: headers which are for redirection. Chrome interprets this as an attack attempt and gives the message below.

    Duplicate headers received from server

    The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
    Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple Location headers received. This is disallowed to protect against HTTP response splitting attacks.
    The workaround is to go to the home page forums.opensuse.org and login in again. It's not seen very often and probably only on Chrome, which is getting very careful.

  2. #2
    Join Date
    Jul 2008
    Location
    Bellevue, WA
    Posts
    14,394

    Default Re: bug in forum software

    On Thu, 17 Nov 2011 07:56:02 +0000, ken yap wrote:

    > This bug seems to be triggered when your browsing session has been
    > inactive for a while, and you click on New Posts. Rather than taking you
    > to the login page (or maybe it tried to), it sends two Location: headers
    > which are for redirection. Chrome interprets this as an attack attempt
    > and gives the message below.
    >
    >> Duplicate headers received from server
    >>
    >> The response from the server contained duplicate headers. This problem
    >> is generally the result of a misconfigured website or proxy. Only the
    >> website or proxy administrator can fix this issue.
    >> Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple
    >> Location headers received. This is disallowed to protect against HTTP
    >> response splitting attacks.

    >
    > The workaround is to go to the home page forums.opensuse.org and login
    > in again. It's not seen very often and probably only on Chrome, which is
    > getting very careful.


    Which version of Chrome are you using?

    I'll try to duplicate it.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  3. #3
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,941
    Blog Entries
    4

    Default Re: bug in forum software

    I think it started happening with the most recent release of Chrome (15?) which I think is the beta channel.

  4. #4
    Join Date
    Jul 2008
    Location
    Bellevue, WA
    Posts
    14,394

    Default Re: bug in forum software

    On Thu, 24 Nov 2011 04:16:02 +0000, ken yap wrote:

    > I think it started happening with the most recent release of Chrome
    > (15?) which I think is the beta channel.


    I've got version 15 on my system here.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  5. #5
    Join Date
    Jul 2008
    Location
    Bellevue, WA
    Posts
    14,394

    Default Re: bug in forum software

    On Thu, 24 Nov 2011 06:40:32 +0000, Jim Henderson wrote:

    > On Thu, 24 Nov 2011 04:16:02 +0000, ken yap wrote:
    >
    >> I think it started happening with the most recent release of Chrome
    >> (15?) which I think is the beta channel.

    >
    > I've got version 15 on my system here.


    And I'm going to test it. I should have specified that.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  6. #6
    Join Date
    Jun 2008
    Location
    UTC+10
    Posts
    9,941
    Blog Entries
    4

    Default Re: bug in forum software

    Sorry, it's 16 here that's beta. Was offsite today.

  7. #7
    Join Date
    Jul 2008
    Location
    Bellevue, WA
    Posts
    14,394

    Default Re: bug in forum software

    On Thu, 24 Nov 2011 08:56:02 +0000, ken yap wrote:

    > Sorry, it's 16 here that's beta. Was offsite today.


    No problem, 15 didn't do it, so I'll see about grabbing 16 later today or
    tomorrow and give it a try.

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  8. #8

    Default Re: bug in forum software

    Hi , i have got an error saying 'Duplicate headers received from server' in chrome.
    And the details are
    "The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
    Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple Location headers received. This is disallowed to protect against HTTP response splitting attacks."

    how to fix the bug?? Can any one help me?

  9. #9
    Join Date
    Jul 2008
    Location
    Bellevue, WA
    Posts
    14,394

    Default Re: bug in forum software

    On Thu, 08 Dec 2011 13:56:02 +0000, krishnakiran wrote:

    > Hi , i have got an error saying 'Duplicate headers received from server'
    > in chrome.
    > And the details are "The response from the server contained duplicate
    > headers. This problem is generally the result of a misconfigured website
    > or proxy. Only the website or proxy administrator can fix this issue.
    > Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple
    > Location headers received. This is disallowed to protect against HTTP
    > response splitting attacks."
    >
    > how to fix the bug?? Can any one help me?


    Which browser are you using, and on what OS?

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  10. #10
    Join Date
    Mar 2008
    Location
    Oz
    Posts
    10,968
    Blog Entries
    2

    Default Re: bug in forum software

    Has there been any more on this Jim? I've been getting it for about a month IIRC, first thing in the morning. My browser is google-chrome version 16.0.912.63.

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •