bug in forum software

This bug seems to be triggered when your browsing session has been inactive for a while, and you click on New Posts. Rather than taking you to the login page (or maybe it tried to), it sends two Location: headers which are for redirection. Chrome interprets this as an attack attempt and gives the message below.

Duplicate headers received from server

The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple Location headers received. This is disallowed to protect against HTTP response splitting attacks.

The workaround is to go to the home page forums.opensuse.org and log in again. It’s not seen very often and probably only on Chrome, which is getting very careful.

On Thu, 17 Nov 2011 07:56:02 +0000, ken yap wrote:

> This bug seems to be triggered when your browsing session has been
> inactive for a while, and you click on New Posts. Rather than taking you
> to the login page (or maybe it tried to), it sends two Location: headers
> which are for redirection. Chrome interprets this as an attack attempt
> and gives the message below.
>
>> Duplicate headers received from server
>>
>> The response from the server contained duplicate headers. This problem
>> is generally the result of a misconfigured website or proxy. Only the
>> website or proxy administrator can fix this issue.
>> Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple
>> Location headers received. This is disallowed to protect against HTTP
>> response splitting attacks.
>
> The workaround is to go to the home page forums.opensuse.org and log in
> again. It’s not seen very often and probably only on Chrome, which is
> getting very careful.

Which version of Chrome are you using?

I’ll try to duplicate it.

Jim


Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C


I think it started happening with the most recent release of Chrome (15?) which I think is the beta channel.

On Thu, 24 Nov 2011 04:16:02 +0000, ken yap wrote:

> I think it started happening with the most recent release of Chrome
> (15?) which I think is the beta channel.

I’ve got version 15 on my system here.

Jim

On Thu, 24 Nov 2011 06:40:32 +0000, Jim Henderson wrote:

> On Thu, 24 Nov 2011 04:16:02 +0000, ken yap wrote:
>
>> I think it started happening with the most recent release of Chrome
>> (15?) which I think is the beta channel.
>
> I’ve got version 15 on my system here.

And I’m going to test it. :) I should have specified that. :)

Jim


Sorry, it’s 16 here that’s beta. Was offsite today.

On Thu, 24 Nov 2011 08:56:02 +0000, ken yap wrote:

> Sorry, it’s 16 here that’s beta. Was offsite today.

No problem, 15 didn’t do it, so I’ll see about grabbing 16 later today or
tomorrow and give it a try.

Jim


Hi, I have got an error saying ‘Duplicate headers received from server’ in Chrome.
And the details are:
“The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple Location headers received. This is disallowed to protect against HTTP response splitting attacks.”

How do I fix the bug? Can anyone help me? :)

On Thu, 08 Dec 2011 13:56:02 +0000, krishnakiran wrote:

> Hi, I have got an error saying ‘Duplicate headers received from server’
> in Chrome.
> And the details are “The response from the server contained duplicate
> headers. This problem is generally the result of a misconfigured website
> or proxy. Only the website or proxy administrator can fix this issue.
> Error 350 (net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION): Multiple
> Location headers received. This is disallowed to protect against HTTP
> response splitting attacks.”
>
> How do I fix the bug? Can anyone help me? :)

Which browser are you using, and on what OS?

Jim


Has there been any more on this Jim? I’ve been getting it for about a month IIRC, first thing in the morning. My browser is google-chrome version 16.0.912.63.

On Sun, 01 Jan 2012 19:16:02 +0000, swerdna wrote:

> Has there been any more on this Jim? I’ve been getting it for about a
> month IIRC, first thing in the morning. My browser is google-chrome
> version 16.0.912.63.

I hadn’t heard anything more about it from the OP in this thread, so
hadn’t pursued anything on it myself. We may need Kim to open a bug on
it to get someone to look at it.

Jim


Just tested getting to this link with Konqueror, Firefox & Google-chrome. Only the last gives the problem.

I’ve encountered this behaviour in one of my applications. The newest Chrome complains if it gets any header twice - I was sending Content-Disposition twice and Chrome failed with a similar error while all other browsers worked fine.
Anyway, this is a bug in the server software; we should not send the same header more than once. On the other hand Chrome should handle it more gracefully, but it’s easier to fix our software than Chrome :) .
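A diagnostic for the condition described in the original post and in the reply above, as an added example (not code from the thread, from vBulletin or from Chrome): it parses a raw HTTP response head and lists single-valued headers that appear more than once, which is the duplicate-Location case Chrome 16 rejects. The set of headers allowed to repeat and the sample response are assumptions constructed for the example.

```python
from collections import Counter

# Headers a response may legitimately carry more than once (assumption for
# this example; Set-Cookie is the common case). Everything else is treated
# as single-valued, which is how Chrome treats Location.
REPEATABLE = {"set-cookie", "cache-control", "vary", "link", "via",
              "warning", "www-authenticate", "accept-ranges"}

def parse_head(raw):
    """Return (status line, [(name, value), ...]) from a raw response head.
    Names are lower-cased; the body after the blank line is ignored."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        if line:
            name, _, value = line.partition(":")
            headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers

def duplicate_singletons(headers):
    """Names of single-valued headers that occur more than once."""
    counts = Counter(name for name, _ in headers)
    return sorted(n for n, c in counts.items() if c > 1 and n not in REPEATABLE)

def chrome_would_reject(raw):
    """True for the condition the thread describes: two Location headers,
    which Chrome 16 refuses with net::ERR_RESPONSE_HEADERS_MULTIPLE_LOCATION."""
    return "location" in duplicate_singletons(parse_head(raw)[1])

# Constructed sample (hosts and paths invented): a session-expired redirect
# that emits Location twice, next to legitimately repeated Set-Cookie lines.
BAD_RESPONSE = (
    b"HTTP/1.1 302 Found\r\n"
    b"Location: https://forums.example.org/login.php\r\n"
    b"Set-Cookie: sessionhash=abc123; path=/\r\n"
    b"Set-Cookie: lastvisit=1320000000; path=/\r\n"
    b"Location: https://forums.example.org/newposts\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
# The same response with the stray second Location removed.
GOOD_RESPONSE = BAD_RESPONSE.replace(
    b"Location: https://forums.example.org/newposts\r\n", b"")

if __name__ == "__main__":
    for label, resp in (("bad", BAD_RESPONSE), ("good", GOOD_RESPONSE)):
        print(label, duplicate_singletons(parse_head(resp)[1]))
```

Pointing it at a captured response from the proxy and from the application server separately shows which hop adds the second header.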

Sorry I haven’t been monitoring this thread. It’s a regular occurrence and annoyance now that Chrome 16 is the stable version. As you can see, others can corroborate my experiences.

On Sun, 01 Jan 2012 20:26:02 +0000, tmoravec wrote:

> On the other hand Chrome should handle it more gracefully, but it’s
> easier to fix our software than Chrome :) .

Except vBulletin isn’t “our” software. :)

Jim


On Sun, 01 Jan 2012 22:46:02 +0000, ken yap wrote:

> hendersj;2425055 Wrote:
>> I hadn’t heard anything more about it from the OP in this thread, so
>> hadn’t pursued anything on it myself. We may need Kim to open a bug on
>> it to get someone to look at it.
>
> Sorry I haven’t been monitoring this thread. It’s a regular occurrence
> and annoyance now that Chrome 16 is the stable version. As you can see,
> others can corroborate my experiences.

Thanks, I’ll make sure it gets reported upstream.

Jim
