A user has noticed that while attempting to retrieve a bitstream from
our Dspace instance their firewall blocked the returned information due
to our system sending a duplicate "Content-length" in the http header.
They pointed out that duplicate items in the http header can sometimes
form part of an attempt to inject malicious code to a web browser -
hence their system blocks such web responses.
Via a perl script that makes a request for bitstreams using LWP I
confirmed that there were two Content-length's being returned. It seems
like only one should be returned. Has any one encountered this? Is
there a fix for this? Any opinions?