Jason E Bailey created SLING-7760:
-------------------------------------
Summary: Contextual Additional Response Headers
Key: SLING-7760
URL: https://issues.apache.org/jira/browse/SLING-7760
Project: Sling
Issue Type: Improvement
Reporter: Jason E Bailey
Currently, for us to set the global response headers we need to add these to
the Sling Main Servlet.
The problem with this is
* Any changes to the Sling Main Servlet ends up with the service restarting.
This has a negative overall effect to the environment
* We run multiple domains out of a single instance. For a
Content-Security-Header we end up putting in exemptions that should apply to
one site for all sites. This is problematic from a security perspective
Ideally we would be able to configure headers based on the domain that's being
requested
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
