I should clarify a bit Stephan -- it was not specifically a doubled Access-Control-Allow-Origin header that destroyed my week but rather was a doubled Content-Length header. I was in the same boat as you though. If I explicitly added it it was doubled, and if not it wasn't correct (on that server config anyways -- which I did not have good control over).
But doubled headers in general are now considered a security risk so current Firefox and chrome treat them harshly. I did find a blackhat paper describing an exploit using doubled Access-Control-Allow-Origin -- but again with the eye pain. Good luck :) On Fri, Feb 8, 2013 at 12:48 AM, Stephan Beal <sgb...@googlemail.com<javascript:_e({}, 'cvml', 'sgb...@googlemail.com');> > wrote: > On Fri, Feb 8, 2013 at 2:26 AM, Themba Fletcher > <themba.fletc...@gmail.com<javascript:_e({}, 'cvml', > 'themba.fletc...@gmail.com');> > > wrote: > >> Whoops -- please ignore the previous stuff for now. >> >> You have a doubled "Access-Control-Allow-Origin" header in your response: >> > > i saw that but "it's not my fault" - if i don't configure Apache to send > this header then it does not. If i do configure it to send the header then > it sends it twice. No idea why, but it seems harmless enough for now. > > >> >> 1. >> >> Doubled headers have absolutely destroyed me in the past -- I'd start >> there ... >> > > Or maybe it's not harmless. i'll see what i can do about that, then. > Thanks for the tip. > > -- > ----- stephan beal > http://wanderinghorse.net/home/stephan/ > http://gplus.to/sgbeal > > _______________________________________________ > fossil-users mailing list > fossil-users@lists.fossil-scm.org <javascript:_e({}, 'cvml', > 'fossil-users@lists.fossil-scm.org');> > http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users > >
_______________________________________________ fossil-users mailing list fossil-users@lists.fossil-scm.org http://lists.fossil-scm.org:8080/cgi-bin/mailman/listinfo/fossil-users