I should clarify a bit, Stephan -- it was not specifically a doubled
Access-Control-Allow-Origin header that destroyed my week but rather was a
doubled Content-Length header. I was in the same boat as you though. If I
explicitly added it, it was doubled, and if not, it wasn't correct (on that
server config anyways -- which I did not have good control over).

But doubled headers in general are now considered a security risk,
so current Firefox and Chrome treat them harshly. I did find a blackhat
paper describing an exploit using doubled Access-Control-Allow-Origin --
but again with the eye pain.

Good luck :)


On Fri, Feb 8, 2013 at 12:48 AM, Stephan Beal <sgb...@googlemail.com> wrote:

> On Fri, Feb 8, 2013 at 2:26 AM, Themba Fletcher <themba.fletc...@gmail.com> wrote:
>
>> Whoops -- please ignore the previous stuff for now.
>>
>> You have a doubled "Access-Control-Allow-Origin" header in your response:
>>
>
> i saw that but "it's not my fault" - if i don't configure Apache to send
> this header then it does not. If i do configure it to send the header then
> it sends it twice. No idea why, but it seems harmless enough for now.
>
>
>>
>> Doubled headers have absolutely destroyed me in the past -- I'd start
>> there ...
>>
>
> Or maybe it's not harmless. i'll see what i can do about that, then.
> Thanks for the tip.
>
> --
> ----- stephan beal
> http://wanderinghorse.net/home/stephan/
> http://gplus.to/sgbeal
>
> _______________________________________________
> fossil-users mailing list
> fossil-users@lists.fossil-scm.org
> http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users
>
>
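A check for the doubled headers discussed in this thread, as an added example that is not part of the original messages: it parses a raw HTTP response and reports single-valued headers that were sent more than once, noting whether the copies conflict. The function name, the `SINGLETON_HEADERS` list, and the sample response are assumptions constructed for illustration.

```python
"""Flag repeated single-valued headers in a raw HTTP response (added example)."""
from collections import defaultdict

# Headers that should appear at most once. This list is an assumption chosen
# for the example; extend it for your own deployment.
SINGLETON_HEADERS = {
    "content-length",
    "content-type",
    "access-control-allow-origin",
    "location",
}

# Constructed sample: both kinds of doubling mentioned in the thread.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: application/json\r\n"
    b"Access-Control-Allow-Origin: *\r\n"
    b"access-control-allow-origin: *\r\n"
    b"Content-Length: 17\r\n"
    b"Content-Length: 21\r\n"
    b"\r\n"
    b'{"status": "ok"}\n'
)


def find_doubled_headers(raw: bytes) -> dict:
    """Return {header: {"values": [...], "conflicting": bool}} for repeats."""
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no end of header block (CRLF CRLF) found")
    lines = head.decode("iso-8859-1").split("\r\n")[1:]  # skip status line
    seen = defaultdict(list)
    for line in lines:
        name, colon, value = line.partition(":")
        if not colon:
            continue  # not a header field line; ignored in this example
        # Field names are case-insensitive, so fold case before grouping.
        seen[name.strip().lower()].append(value.strip())
    report = {}
    for name, values in seen.items():
        if name in SINGLETON_HEADERS and len(values) > 1:
            report[name] = {"values": values,
                            "conflicting": len(set(values)) > 1}
    return report


if __name__ == "__main__":
    for name, info in find_doubled_headers(SAMPLE_RESPONSE).items():
        kind = "conflicting" if info["conflicting"] else "identical"
        print(f"{name}: sent {len(info['values'])} times ({kind}): {info['values']}")
```

Running it against a captured response from the server in question shows whether the web server and the application are each adding their own copy of a header.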