Magento - Duplicate headers received from server

Question

The issue is that sometimes I get this error in Google Chrome when I filter an order export:

Duplicate headers received from server
The response from the server contained duplicate headers. This problem is generally the result of a misconfigured website or proxy. Only the website or proxy administrator can fix this issue.
Error 349 (net::ERR_RESPONSE_HEADERS_MULTIPLE_CONTENT_DISPOSITION): Multiple Content-Disposition headers received. This is disallowed to protect against HTTP response splitting attacks.

I'm talking about the Sales > Orders screen.

Say I filter it by an order number so that I only want to export 1 actual order to .csv file.

In FF, IE, etc this seems to work. And most of the times it also works in Chrome (16 - latest version at the time of this posting).

According to this post: 'Duplicate headers received from server' Error in Chrome 16 with EPPlus 2.9 he was able to deduce that it was something to do with ","s as the delimeter.

I tried going to lib/Varien/File/Csv.php and changing the delimeter to ";" but that did not seem to work...

Anyone have any suggestions?

Note: There are some fixes out there for Chrome itself (I think) but I want to fix it via Magento if possible.

Answer 1

Seem that magento didn't send headers correctly in thats case.

It's not the "comma in filename" bug here but it look like Magento send the same header twice.

You can fix this issue by changing 3 lines in app/code/core/Mage/Core/Controller/Varien/Action.php. Look at the _prepareDownloadResponse method and change the following:

$this->getResponse()
->setHttpResponseCode(200)
->setHeader('Pragma', 'public', true)
->setHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0', true)
->setHeader('Content-type', $contentType, true)
->setHeader('Content-Length', is_null($contentLength) ? strlen($content) : $contentLength)
->setHeader('Content-Disposition', 'attachment; filename="'.$fileName.'"')
->setHeader('Last-Modified', date('r'));

by

$this->getResponse()
->setHttpResponseCode(200)
->setHeader('Pragma', 'public', true)
->setHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0', true)
->setHeader('Content-type', $contentType, true)
->setHeader('Content-Length', is_null($contentLength) ? strlen($content) : $contentLength, true)
->setHeader('Content-Disposition', 'attachment; filename="'.$fileName.'"', true)
->setHeader('Last-Modified', date('r'), true);

The best is to not apply this change to the core classes but create a copy of this class and put it here: /app/code/local/Mage/core/Controller/Varien/Action.php.

Look like this bug will be fixed in the next release of Magento 1.7.