Jason E Bailey created SLING-7760: ------------------------------------- Summary: Contextual Additional Response Headers Key: SLING-7760 URL: https://issues.apache.org/jira/browse/SLING-7760 Project: Sling Issue Type: Improvement Reporter: Jason E Bailey
Currently, for us to set the global response headers we need to add these to the Sling Main Servlet. The problem with this is * Any changes to the Sling Main Servlet ends up with the service restarting. This has a negative overall effect to the environment * We run multiple domains out of a single instance. For a Content-Security-Header we end up putting in exemptions that should apply to one site for all sites. This is problematic from a security perspective Ideally we would be able to configure headers based on the domain that's being requested -- This message was sent by Atlassian JIRA (v7.6.3#76005)