Closed Bug 846314 Opened 7 years ago Closed 6 years ago

Playstation Store is sending multiple Access-Control-Allow-Origin headers

Categories

(Tech Evangelism Graveyard :: English US, defect)

x86_64
Linux
defect
Not set

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: jdm, Assigned: jdm)

[jdm@rosencrantz build]$ curl https://store.sonyentertainmentnetwork.com/ -i
HTTP/1.1 200 OK
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: https://store.sonyentertainmentnetwork.com/
Access-Control-Allow-Origin: http://store.sonyentertainmentnetwork.com/
Content-Type: text/html; charset=UTF-8
ETag: "28028b-221d1-4d58a5e970000"
Last-Modified: Tue, 12 Feb 2013 17:29:36 GMT
Server: Apache
X-Cache-Lookup: HIT from ip-10.241.2.250:80
X-Frame-Options: SAMEORIGIN
Expires: Thu, 28 Feb 2013 14:49:54 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Thu, 28 Feb 2013 14:49:54 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding

As described in bug 845273, this is correctly classified as invalid by Firefox, so the server output should be modified.

Contacted via Twitter, since there does not appear to be an email contact method listed on the main Sony Entertainment Network website.

Contacted via Facebook, got a response from Playstation AU, so hopefully it's made it to the relevant people!

Duplicate of this bug: 850468

Page has been updated, no longer sending multiple access-control-allow-origin

Accept-Ranges: bytes
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: GET
access-control-allow-origin: https://store.sonyentertainmentnetwork.com/, http://store.sonyentertainmentnetwork.com/
Content-Encoding: gzip
Content-Type: text/html; charset=UTF-8
Etag: "700327-236cd-4d6e7508c3d00"
Last-Modified: Sat, 02 Mar 2013 01:48:04 GMT
Server: Apache
Vary: Accept-Encoding
X-Cache-Lookup: HIT from ip-10.241.2.250:80
X-Frame-Options: SAMEORIGIN
Content-Length: 23410
Expires: Mon, 25 Mar 2013 22:08:42 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Mon, 25 Mar 2013 22:08:42 GMT
Connection: keep-alive

200 OK

This doesn't seem to be entirely correct (having two URLs delimited by a comma), but it's not sending two headers.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → WORKSFORME
Product: Tech Evangelism → Tech Evangelism Graveyard
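
An added example, not part of the original bug thread or of Firefox's code: a small Python linter that applies a simplified form of the Fetch Standard's CORS check to the two header dumps quoted above, to show how the duplicated header and the comma-joined value each compare against a single request origin. The function names and the request origin used in testing are assumptions; the sample responses are constructed from the dumps in this bug.

```python
# Added example: lint Access-Control-Allow-Origin (ACAO) in a raw `curl -i` dump.
# BEFORE/AFTER are constructed from the two header dumps quoted in this bug.

BEFORE = """\
HTTP/1.1 200 OK
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: https://store.sonyentertainmentnetwork.com/
Access-Control-Allow-Origin: http://store.sonyentertainmentnetwork.com/
Content-Type: text/html; charset=UTF-8
"""

AFTER = """\
HTTP/1.1 200 OK
Access-Control-Allow-Methods: GET
access-control-allow-origin: https://store.sonyentertainmentnetwork.com/, http://store.sonyentertainmentnetwork.com/
Content-Type: text/html; charset=UTF-8
"""

def acao_values(raw):
    """Return every ACAO field value, in order, keeping duplicates."""
    values = []
    for line in raw.splitlines()[1:]:           # skip the status line
        if not line.strip():
            break                                # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "access-control-allow-origin":
            values.append(value.strip())
    return values

def lint_acao(raw, request_origin):
    """Return (passes_check, findings) for one response (hypothetical helper)."""
    values = acao_values(raw)
    if not values:
        return False, ["no Access-Control-Allow-Origin header"]
    findings = []
    if len(values) > 1:
        findings.append(f"{len(values)} ACAO header fields; send exactly one")
    # HTTP lets a recipient combine repeated fields into one comma-joined value.
    combined = ", ".join(values)
    if "," in combined:
        findings.append("ACAO is a list; it must be one origin or '*'")
    # Simplified: ignores credentialed requests, where '*' is not accepted.
    ok = combined == "*" or combined == request_origin
    if not ok and not findings:
        findings.append(f"ACAO {combined!r} does not equal origin {request_origin!r}")
    return ok, findings
```

The comparison is an exact string match against the request's serialized origin, which has no trailing slash or path, so a server that needs to allow several origins has to echo back the one matching origin per response rather than list them.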