[Dspace-devel] [DuraSpace JIRA] (DS-1422) Duplicate Headers when bitstream has a comma in the title. (Chrome)

Thu, 13 Dec 2012 13:13:32 -0800 

Jonathan Blood created DS-1422:
----------------------------------

             Summary: Duplicate Headers when bitstream has a comma in the 
title. (Chrome) 
                 Key: DS-1422
                 URL: https://jira.duraspace.org/browse/DS-1422
             Project: DSpace
          Issue Type: Bug
          Components: JSPUI, XMLUI
    Affects Versions: 3.0, 1.8.0, 1.6.0
            Reporter: Jonathan Blood
            Priority: Major


So the error:
Duplicate headers received from server
The response from the server contained duplicate headers. This problem is 
generally the result of a misconfigured website or proxy. Only the website or 
proxy administrator can fix this issue.
Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple 
distinct Content-Disposition headers received. This is disallowed to protect 
against HTTP response splitting attacks.

How to reproduce this error: 
The error only happens on Chrome. 
On XMLUI or JSPUI. 
- Upload a file that contains a comma in the title. 
- Go to the item view page for item. 
- On this page it should list the bitstreams. Download the bitstream with the 
comma in the title. 
- This should produce the above error.

I think you need to ensure that the file is one that will be downloaded and not 
one viewed in the browser for the error to occur. 

The affected versions I listed are of the versions I've tested. But I'd assume 
this is an issue with all of them. 

Does anyone have a fix for this issue?

I've noticed this problem on other software such as 
http://tracker.moodle.org/browse/MDL-32889
I've attempted the fix that was applied to Moodle on Dspace. i.e. enclosing the 
filename in quotes 
such as:
 response.setHeader("Content-Disposition", "attachment;filename=" +'"' + name + 
'"');


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

------------------------------------------------------------------------------
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
_______________________________________________
Dspace-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/dspace-devel

Reply via email to