Hi,
you could use a org.apache.tapestry5.services.RequestFilter.class to access
the response (
http://tapestry.apache.org/current/apidocs//org/apache/tapestry5/services/RequestFilter.html
)
Something like this (untested code):
public class MySecurityHeadersRequestFilter implements RequestFilter {
@Override
public boolean service(Request request, Response response,
RequestHandler handler) throws IOException {
response.addHeader("X-Frame-Options", "my options");
return handler.service(request, response);
}
}
Then just contribute it in a module:
public static void
contributeRequestHandler(OrderedConfiguration<RequestFilter> conf) {
conf.addInstance("my-security-headers",
MySecurityHeadersRequestFilter.class);
}
On Wed, Oct 3, 2018 at 5:59 PM Ajay Arora <toajayar...@gmail.com> wrote:
> Hello All,
>
> We're looking for ways to add different http security headers
> like X-Frame-Options, X-XSS-Protection and others into the http response.
> We're using Tapestry 5.4.3.
>
> One way I found was to add a additional filter in web.xml before the
> Tapestry Filter takes over but then it add the headers to all the requests
> like for static files and not sure if X-Frame-Options header etc should be
> included for the response of such type of requests.
>
> Feel like we should wait till Tapestry done handling the request and then
> add the security headers before the response goes to the client but could
> not find how to do it In Tapestry.
>
> is there a better way to do this in Tapestry?
>
> Thanks for your help !
>
Ben
--
Netzgut GmbH
